Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report POInvoiceOrderIuVvcl0VWEOAmXy.exe

Overview

General Information

Sample Name:POInvoiceOrderIuVvcl0VWEOAmXy.exe
Analysis ID:431795
MD5:fb1eb909e34c22f21310565cf4b71563
SHA1:f301810874ac9b59aef7c5ca3d8377e35e4906ba
SHA256:acfd6ceddcb0f24e6a170eb64cfbbb1af4876bcda5fb572c36330b1f6208a84e
Tags:exeNanoCoreRAT
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • POInvoiceOrderIuVvcl0VWEOAmXy.exe (PID: 6140 cmdline: 'C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe' MD5: FB1EB909E34C22F21310565CF4B71563)
    • schtasks.exe (PID: 5904 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "1fb9e357-3073-471b-ab6f-630ca123", "Group": "kmt", "Domain1": "kkmmtt.duckdns.org", "Domain2": "kmttk.hopto.org", "Port": 6060, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfcf5:$a: NanoCore
    • 0xfd05:$a: NanoCore
    • 0xff39:$a: NanoCore
    • 0xff4d:$a: NanoCore
    • 0xff8d:$a: NanoCore
    • 0xfd54:$b: ClientPlugin
    • 0xff56:$b: ClientPlugin
    • 0xff96:$b: ClientPlugin
    • 0xfe7b:$c: ProjectData
    • 0x10882:$d: DESCrypto
    • 0x1824e:$e: KeepAlive
    • 0x1623c:$g: LogClientMessage
    • 0x12437:$i: get_Connected
    • 0x10bb8:$j: #=q
    • 0x10be8:$j: #=q
    • 0x10c04:$j: #=q
    • 0x10c34:$j: #=q
    • 0x10c50:$j: #=q
    • 0x10c6c:$j: #=q
    • 0x10c9c:$j: #=q
    • 0x10cb8:$j: #=q
    00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xe75:$x1: NanoCore.ClientPluginHost
    • 0xe8f:$x2: IClientNetworkHost
    00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xe75:$x2: NanoCore.ClientPluginHost
    • 0x1261:$s3: PipeExists
    • 0x1136:$s4: PipeCreated
    • 0xeb0:$s5: IClientLoggingHost
    Click to see the 20 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5730000.8.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xe75:$x1: NanoCore.ClientPluginHost
    • 0xe8f:$x2: IClientNetworkHost
    4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5730000.8.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xe75:$x2: NanoCore.ClientPluginHost
    • 0x1261:$s3: PipeExists
    • 0x1136:$s4: PipeCreated
    • 0xeb0:$s5: IClientLoggingHost
    4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xd9ad:$x1: NanoCore.ClientPluginHost
    • 0xd9da:$x2: IClientNetworkHost
    4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xd9ad:$x2: NanoCore.ClientPluginHost
    • 0xea88:$s4: PipeCreated
    • 0xd9c7:$s5: IClientLoggingHost
    4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 46 entries

      Sigma Overview

      AV Detection:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe, ProcessId: 1084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      E-Banking Fraud:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe, ProcessId: 1084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Stealing of Sensitive Information:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe, ProcessId: 1084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Remote Access Functionality:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe, ProcessId: 1084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "1fb9e357-3073-471b-ab6f-630ca123", "Group": "kmt", "Domain1": "kkmmtt.duckdns.org", "Domain2": "kmttk.hopto.org", "Port": 6060, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
      Multi AV Scanner detection for domain / URLShow sources
      Source: kmttk.hopto.orgVirustotal: Detection: 6%Perma Link
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORY
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPE
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpackAvira: Label: TR/NanoCore.fadte
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\ntNlgumrQW\src\obj\x86\Debug\DictionaryValueCollection.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: Binary string: mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000003.415457537.00000000014C3000.00000004.00000001.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp
      Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: indows\System.pdbpdbtem.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: System.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: mscorrc.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.240015874.00000000081C0000.00000002.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471848695.00000000056C0000.00000002.00000001.sdmp
      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h1_2_084FF138

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49715 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49717 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49727 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49733 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49736 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49742 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49747 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49752 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49755 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49756 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49761 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49762 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49763 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49764 -> 194.5.98.87:6060
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49765 -> 194.5.98.87:6060
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorURLs: kmttk.hopto.org
      Source: Malware configuration extractorURLs: kkmmtt.duckdns.org
      Uses dynamic DNS servicesShow sources
      Source: unknownDNS query: name: kkmmtt.duckdns.org
      Source: global trafficTCP traffic: 192.168.2.3:49715 -> 194.5.98.87:6060
      Source: Joe Sandbox ViewASN Name: DANILENKODE DANILENKODE
      Source: unknownDNS traffic detected: queries for: kkmmtt.duckdns.org
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.205717116.000000000533D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersT
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comion
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comionoO
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comm
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198676184.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comn4
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198649241.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comt
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200422874.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/MI
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200705399.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/r
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200403684.000000000536D000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnl-p
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/2
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/=
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/O
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/V
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0e
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/i
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/z
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com5
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comn-u
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.199811798.0000000005339000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.199811798.0000000005339000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krnta
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198915643.000000000534B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

      E-Banking Fraud:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORY
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPE

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5730000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c50000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f64a8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Initial sample is a PE file and has a suspicious nameShow sources
      Source: initial sampleStatic PE information: Filename: POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_04EF16E2 NtQuerySystemInformation,1_2_04EF16E2
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_04EF16B1 NtQuerySystemInformation,1_2_04EF16B1
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E85A01_2_050E85A0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050EF2281_2_050EF228
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E82801_2_050E8280
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E0AA01_2_050E0AA0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E93BF1_2_050E93BF
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E93D01_2_050E93D0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E96081_2_050E9608
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E96181_2_050E9618
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E82711_2_050E8271
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050E0A931_2_050E0A93
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F00701_2_084F0070
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F289A1_2_084F289A
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FBCB81_2_084FBCB8
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FC0B01_2_084FC0B0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FB9681_2_084FB968
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F0A581_2_084F0A58
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F12281_2_084F1228
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FC6E01_2_084FC6E0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F1B481_2_084F1B48
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F93401_2_084F9340
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F00061_2_084F0006
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FA0381_2_084FA038
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F4CD01_2_084F4CD0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F4CE01_2_084F4CE0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F48F81_2_084F48F8
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F41501_2_084F4150
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F41601_2_084F4160
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F850F1_2_084F850F
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F49081_2_084F4908
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F85901_2_084F8590
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F12181_2_084F1218
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F9A281_2_084F9A28
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F36C81_2_084F36C8
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F56D91_2_084F56D9
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F8AF01_2_084F8AF0
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F36B91_2_084F36B9
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F8B481_2_084F8B48
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F1B421_2_084F1B42
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F4B401_2_084F4B40
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084FA7681_2_084FA768
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F57781_2_084F5778
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F47181_2_084F4718
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F47281_2_084F4728
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F4B301_2_084F4B30
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F97C81_2_084F97C8
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: KbWjJvsRSE.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.240684237.0000000008220000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKygo.dll* vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.240015874.00000000081C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.236656130.00000000040E4000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.233192925.00000000008F8000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDictionaryValueCollection.exe. vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.241506811.0000000008700000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.241595592.00000000087F0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.241595592.00000000087F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471750476.0000000005620000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472842498.0000000006650000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000000.230828833.0000000000D28000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameDictionaryValueCollection.exe. vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471848695.00000000056C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeBinary or memory string: OriginalFilenameDictionaryValueCollection.exe. vs POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5730000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5730000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c50000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c50000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f64a8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f64a8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.32f162c.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: KbWjJvsRSE.exe.1.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: classification engineClassification label: mal100.troj.evad.winEXE@6/6@18/1
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_04EF1566 AdjustTokenPrivileges,1_2_04EF1566
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_04EF152F AdjustTokenPrivileges,1_2_04EF152F
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile created: C:\Users\user\AppData\Roaming\KbWjJvsRSE.exeJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1832:120:WilError_01
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeMutant created: \Sessions\1\BaseNamedObjects\hYTpOlddLWwmJR
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{1fb9e357-3073-471b-ab6f-630ca1239b07}
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile created: C:\Users\user\AppData\Local\Temp\tmp220B.tmpJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeString found in binary or memory: -start_number {0} -i "{1}{2}"
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeString found in binary or memory: <!--StartFragment -->
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeString found in binary or memory: <<<<<<<3+<!--StartFragment -->
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeString found in binary or memory: %0{0}d;-start_number {0} -i "{1}{2}"
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile read: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe 'C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe'
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp'
      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp'Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\ntNlgumrQW\src\obj\x86\Debug\DictionaryValueCollection.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe
      Source: Binary string: mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000003.415457537.00000000014C3000.00000004.00000001.sdmp
      Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp
      Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: indows\System.pdbpdbtem.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: System.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp
      Source: Binary string: mscorrc.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.240015874.00000000081C0000.00000002.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471848695.00000000056C0000.00000002.00000001.sdmp
      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466494396.0000000001675000.00000004.00000040.sdmp

      Data Obfuscation:

      barindex
      .NET source code contains potential unpackerShow sources
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_008367DA push es; iretd 1_2_00836827
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_0083687A push es; iretd 1_2_008368C7
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050EE882 push edx; ret 1_2_050EE889
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_050EDCB2 push cs; retf 1_2_050EDCB3
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F842C push esp; iretd 1_2_084F842D
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F63C1 push cs; ret 1_2_084F63C2
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F63AC push edi; iretd 1_2_084F63AE
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_084F63B6 push edi; iretd 1_2_084F63B8
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 4_3_04406060 push ss; retf 4_3_04406063
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 4_3_043FC678 push ds; iretd 4_3_043FC952
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 4_3_043F8C81 push eax; retf 4_3_043F8C99
      Source: initial sampleStatic PE information: section name: .text entropy: 7.64208263099
      Source: initial sampleStatic PE information: section name: .text entropy: 7.64208263099
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile created: C:\Users\user\AppData\Roaming\KbWjJvsRSE.exeJump to dropped file

      Boot Survival:

      barindex
      Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp'

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (35).png
      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile opened: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Yara detected AntiVM3Show sources
      Source: Yara matchFile source: 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 6140, type: MEMORY
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeWindow / User API: threadDelayed 353Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeWindow / User API: foregroundWindowGot 949Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe TID: 1156Thread sleep time: -102819s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe TID: 5876Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe TID: 2796Thread sleep time: -1844674407370954s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe TID: 5884Thread sleep time: -300000s >= -30000sJump to behavior
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeThread delayed: delay time: 102819Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472842498.0000000006650000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: vmware
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: VMWARE
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472842498.0000000006650000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472842498.0000000006650000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000003.243360252.00000000014C3000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472842498.0000000006650000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Injects a PE file into a foreign processesShow sources
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeMemory written: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe base: 400000 value starts with: 4D5AJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp'Jump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeProcess created: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeJump to behavior
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000003.243360252.00000000014C3000.00000004.00000001.sdmpBinary or memory string: Program Manager
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466591333.0000000001A90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466591333.0000000001A90000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.469412166.000000000339E000.00000004.00000001.sdmpBinary or memory string: Program Managerp
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.466591333.0000000001A90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeCode function: 1_2_0100B51E GetUserNameW,1_2_0100B51E
      Source: C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORY
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPE

      Remote Access Functionality:

      barindex
      Detected Nanocore RatShow sources
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Source: POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084, type: MEMORY
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4351990.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.4355fb9.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c64629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.402cd10.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.3ef7e00.1.raw.unpack, type: UNPACKEDPE

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsCommand and Scripting Interpreter2Scheduled Task/Job1Access Token Manipulation1Disable or Modify Tools1Input Capture11Account Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/Job1Boot or Logon Initialization ScriptsProcess Injection112Deobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolInput Capture11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Scheduled Task/Job1Obfuscated Files or Information3Security Account ManagerSystem Information Discovery12SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing13NTDSSecurity Software Discovery111Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading11LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol21Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion31Cached Domain CredentialsVirtualization/Sandbox Evasion31VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsAccess Token Manipulation1DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection112Proc FilesystemSystem Owner/User Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Hidden Files and Directories1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.5c60000.11.unpack100%AviraTR/NanoCore.fadteDownload File
      4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.3.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
      4.0.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
      4.2.POInvoiceOrderIuVvcl0VWEOAmXy.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

      Domains

      SourceDetectionScannerLabelLink
      kkmmtt.duckdns.org1%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.sajatypeworks.com50%Avira URL Cloudsafe
      kmttk.hopto.org7%VirustotalBrowse
      kmttk.hopto.org0%Avira URL Cloudsafe
      http://www.sajatypeworks.comn-u0%Avira URL Cloudsafe
      kkmmtt.duckdns.org0%Avira URL Cloudsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/Y0e0%Avira URL Cloudsafe
      http://www.jiyu-kobo.co.jp/20%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/20%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/20%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.fonts.comt0%Avira URL Cloudsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.founder.com.cn/cnl-p0%Avira URL Cloudsafe
      http://www.founder.com.cn/cn/r0%Avira URL Cloudsafe
      http://www.fontbureau.comionoO0%Avira URL Cloudsafe
      http://www.jiyu-kobo.co.jp/V0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/V0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/V0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/O0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/O0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/O0%URL Reputationsafe
      http://www.fontbureau.comion0%URL Reputationsafe
      http://www.fontbureau.comion0%URL Reputationsafe
      http://www.fontbureau.comion0%URL Reputationsafe
      http://www.fonts.comn40%Avira URL Cloudsafe
      http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/=0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/=0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/=0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/z0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/z0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/z0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/s0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/s0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/s0%URL Reputationsafe
      http://www.fontbureau.comm0%URL Reputationsafe
      http://www.fontbureau.comm0%URL Reputationsafe
      http://www.fontbureau.comm0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/i0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/i0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/i0%URL Reputationsafe
      http://www.sandoll.co.krnta0%Avira URL Cloudsafe
      http://www.founder.com.cn/cn/MI0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      kkmmtt.duckdns.org
      		194.5.98.87
      		truetrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      kmttk.hopto.orgtrue
      • 7%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      kkmmtt.duckdns.orgtrue
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.fontbureau.com/designersGPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
        		high
        http://www.fontbureau.com/designers/?POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
          		high
          http://www.founder.com.cn/cn/bThePOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.sajatypeworks.com5POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.fontbureau.com/designers?POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
            		high
            http://www.sajatypeworks.comn-uPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.tiro.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198915643.000000000534B000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www.fontbureau.com/designersPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
              		high
              http://www.goodfont.co.krPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.cssPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmpfalse
                		high
                http://www.fontbureau.com/designersTPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.205717116.000000000533D000.00000004.00000001.sdmpfalse
                  		high
                  http://www.sajatypeworks.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.typography.netDPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.founder.com.cn/cn/cThePOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.galapagosdesign.com/staff/dennis.htmPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://fontfabrik.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/Y0ePOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/2POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.galapagosdesign.com/DPleasePOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fonts.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198622750.000000000534B000.00000004.00000001.sdmpfalse
                    		high
                    http://www.sandoll.co.krPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmp, POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.199811798.0000000005339000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.fonts.comtPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198649241.000000000534B000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.urwpp.deDPleasePOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.zhongyicts.com.cnPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.sakkal.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnl-pPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200403684.000000000536D000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.founder.com.cn/cn/rPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200705399.0000000005334000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.apache.org/licenses/LICENSE-2.0POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.comPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.comionoOPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/VPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/OPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.comionPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fonts.comn4POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.198676184.000000000534B000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/jp/POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/=POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.carterandcone.comlPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers/cabarga.htmlNPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                          		high
                          http://www.jiyu-kobo.co.jp/zPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.founder.com.cn/cnPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers/frere-jones.htmlPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                            		high
                            http://www.jiyu-kobo.co.jp/sPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.commPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.237751926.0000000005330000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/iPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.202469085.0000000005334000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers8POInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000002.238749561.0000000006542000.00000004.00000001.sdmpfalse
                              		high
                              http://www.sandoll.co.krntaPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.199811798.0000000005339000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.founder.com.cn/cn/MIPOInvoiceOrderIuVvcl0VWEOAmXy.exe, 00000001.00000003.200422874.0000000005334000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown

                              Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public

                              IPDomainCountryFlagASNASN NameMalicious
                              194.5.98.87
                              		kkmmtt.duckdns.orgNetherlands
                              		208476DANILENKODEtrue

                              General Information

                              Joe Sandbox Version:32.0.0 Black Diamond
                              Analysis ID:431795
                              Start date:09.06.2021
                              Start time:10:35:15
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 8m 23s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:POInvoiceOrderIuVvcl0VWEOAmXy.exe
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                              Number of analysed new started processes analysed:26
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@6/6@18/1
                              EGA Information:Failed
                              HDC Information:
                              • Successful, ratio: 0.5% (good quality ratio 0.2%)
                              • Quality average: 30.6%
                              • Quality standard deviation: 37.8%
                              HCA Information:
                              • Successful, ratio: 82%
                              • Number of executed functions: 165
                              • Number of non-executed functions: 28
                              Cookbook Comments:
                              • Adjust boot time
                              • Enable AMSI
                              • Found application associated with file extension: .exe
                              Warnings:
                              Show All
                              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.193.48, 52.255.188.83, 13.64.90.137, 104.43.139.144, 20.50.102.62, 40.88.32.150, 104.42.151.234, 184.30.24.56, 20.54.26.129, 205.185.216.10, 205.185.216.42, 20.82.210.154, 92.122.213.247, 92.122.213.194, 40.126.31.138, 40.126.31.142, 40.126.31.140, 40.126.31.5, 40.126.31.3, 20.190.159.131, 40.126.31.7, 20.190.159.137, 131.253.33.200, 13.107.22.200
                              • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, skypedataprdcoleus15.cloudapp.net, login.live.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, dual-a-0001.dc-msedge.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              10:36:08API Interceptor946x Sleep call for process: POInvoiceOrderIuVvcl0VWEOAmXy.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              194.5.98.87Invoice_orderYscFwfO1peuGl0w.exeGet hashmaliciousBrowse

                                Domains

                                No context

                                ASN

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                DANILENKODEpayment invoice.exeGet hashmaliciousBrowse
                                • 194.5.98.23
                                #RFQ ORDER484475577797.exeGet hashmaliciousBrowse
                                • 194.5.98.120
                                b6yzWugw8V.exeGet hashmaliciousBrowse
                                • 194.5.98.107
                                0041#Receipt.pif.exeGet hashmaliciousBrowse
                                • 194.5.98.180
                                j07ghiByDq.exeGet hashmaliciousBrowse
                                • 194.5.97.146
                                j07ghiByDq.exeGet hashmaliciousBrowse
                                • 194.5.97.146
                                PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                                • 194.5.97.18
                                SecuriteInfo.com.Trojan.PackedNET.820.24493.exeGet hashmaliciousBrowse
                                • 194.5.97.61
                                DHL_file.exeGet hashmaliciousBrowse
                                • 194.5.98.145
                                BBS FX.xlsxGet hashmaliciousBrowse
                                • 194.5.97.61
                                GpnPv433gb.exeGet hashmaliciousBrowse
                                • 194.5.98.11
                                Kj7tTd1Zimp0ciI.exeGet hashmaliciousBrowse
                                • 194.5.97.197
                                Resume.exeGet hashmaliciousBrowse
                                • 194.5.98.8
                                SecuriteInfo.com.Trojan.DownLoader39.38629.28832.exeGet hashmaliciousBrowse
                                • 194.5.98.145
                                SecuriteInfo.com.Variant.Razy.840898.18291.exeGet hashmaliciousBrowse
                                • 194.5.98.144
                                8LtwhjD2Qm.exeGet hashmaliciousBrowse
                                • 194.5.98.107
                                Receiptn.exeGet hashmaliciousBrowse
                                • 194.5.98.180
                                soa5.exeGet hashmaliciousBrowse
                                • 194.5.98.48
                                soa5.exeGet hashmaliciousBrowse
                                • 194.5.98.48
                                68Aj4oxPok.exeGet hashmaliciousBrowse
                                • 194.5.98.144

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\POInvoiceOrderIuVvcl0VWEOAmXy.exe.log
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):664
                                Entropy (8bit):5.288448637977022
                                Encrypted:false
                                SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                                C:\Users\user\AppData\Local\Temp\tmp220B.tmp
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1643
                                Entropy (8bit):5.195851646316711
                                Encrypted:false
                                SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBn0tn:cbh47TlNQ//rydbz9I3YODOLNdq3Fy
                                MD5:6BD2FC1377B3D6119F378DD2802ED9AB
                                SHA1:E45F4CE47ED5253087DC3C91EDCDF6148BEF6624
                                SHA-256:A055D15B0C016003FEEF850630AE264447E960B36E5AF3AF59795C31C9F0A688
                                SHA-512:225AD55642A9D82BF502E08C424579F2F187639B69BDCFC34E16146B747166D83BBC6F2177502877962472BB0C1EC00B5AAFA6FE6954F961989B09EDB512B0FD
                                Malicious:true
                                Reputation:low
                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2728
                                Entropy (8bit):7.094528505897445
                                Encrypted:false
                                SSDEEP:48:Ik/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH87:ft3Ucrt3Ucrt3Ucrt3Ucrt3Ucrt3UcrN
                                MD5:3F16EC9869DEDFFEC07792CA71B87AB5
                                SHA1:124F3AAEB04E11DEA7361736CE472750D237D3D2
                                SHA-256:1A187F3EF38284FF4EE2B20D6021C884E42FC72284F2DA858D7E389CE9C7D0E9
                                SHA-512:8DDE0277C2F8CF1CEF64B1EDF120C4A239619FBE9513C833C94B9A429984ECB8AD2A346FD9E333270207951021CCB0CA08FFCDF2ADE538AAFC2B5FAAA1ADF0A2
                                Malicious:false
                                Reputation:low
                                Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.
                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8
                                Entropy (8bit):3.0
                                Encrypted:false
                                SSDEEP:3:mctn:mcn
                                MD5:D6F53F9D52EE3C43FAAB54C8BBDCDB9B
                                SHA1:FC2E188E00AFF335ABF17FB3319433CEE7CBC77A
                                SHA-256:93FB74B9C257EF909456FB14BDE732BE75C99B21F66C6CD31BD5AE51614F8B4E
                                SHA-512:FB68328E003834C01595D46C036CF042F387662B6164942A8ABD5EEAA5797AB0D9C0E2AE5BDFA9E9C7B66C5186748EC728FEABB7C196E57F2EFD216FD3D2A504
                                Malicious:true
                                Reputation:low
                                Preview: .@..m+.H
                                C:\Users\user\AppData\Roaming\KbWjJvsRSE.exe
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):919552
                                Entropy (8bit):7.392987782971905
                                Encrypted:false
                                SSDEEP:24576:SRjfsacU2VITgLiflegZKnWV0trUGrO2:QmITtZgWurnZ
                                MD5:FB1EB909E34C22F21310565CF4B71563
                                SHA1:F301810874AC9B59AEF7C5CA3D8377E35E4906BA
                                SHA-256:ACFD6CEDDCB0F24E6A170EB64CFBBB1AF4876BCDA5FB572C36330B1F6208A84E
                                SHA-512:E4D3C5A58D21FCC3E7A3D3AEC066C0A7B9CCC83B3328813D9E13F16085B1BF5A5E7FA90D1145D5EE7D15D045F9FA66169C4448B79D761EC2B9A1C8C75E768073
                                Malicious:false
                                Reputation:low
                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~`.`..............P..P...........o... ........@.. .......................`............@..................................n..O...........................@.......m............................................... ............... ..H............text....O... ...P.................. ..`.rsrc...............R..............@..@.reloc.......@......................@..B.................n......H...........T:...........................................................0............(....(..........(.....o ....*.....................(!......("......(#......($......(%....*N..(....oS...(&....*&..('....*.s(........s)........s*........s+........s,........*....0...........~....o-....+..*.0...........~....o.....+..*.0...........~....o/....+..*.0...........~....o0....+..*.0...........~....o1....+..*..(2...*6..o3...(4...*&...o5...*.0..............,...+...(6...s7.....*&..(2....*.
                                C:\Users\user\AppData\Roaming\KbWjJvsRSE.exe:Zone.Identifier
                                Process:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview: [ZoneTransfer]....ZoneId=0

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.392987782971905
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                File name:POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                File size:919552
                                MD5:fb1eb909e34c22f21310565cf4b71563
                                SHA1:f301810874ac9b59aef7c5ca3d8377e35e4906ba
                                SHA256:acfd6ceddcb0f24e6a170eb64cfbbb1af4876bcda5fb572c36330b1f6208a84e
                                SHA512:e4d3c5a58d21fcc3e7a3d3aec066c0a7b9ccc83b3328813d9e13f16085b1bf5a5e7fa90d1145d5ee7d15d045f9fa66169c4448b79d761ec2b9a1c8c75e768073
                                SSDEEP:24576:SRjfsacU2VITgLiflegZKnWV0trUGrO2:QmITtZgWurnZ
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~`.`..............P..P...........o... ........@.. .......................`............@................................

                                File Icon

                                Icon Hash:e4ccccc4d6c6ced0

                                Static PE Info

                                General

                                Entrypoint:0x4c6f12
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                Time Stamp:0x60C0607E [Wed Jun 9 06:32:30 2021 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:v2.0.50727
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                Entrypoint Preview

                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc6ec00x4f.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc80000x1b3d4.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xe40000xc.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0xc6d880x1c.text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x20000xc4f180xc5000False0.824205117782data7.64208263099IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                .rsrc0xc80000x1b3d40x1b400False0.163507024083data3.50216689317IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0xe40000xc0x200False0.044921875data0.0980041756627IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountry
                                RT_ICON0xc82500x2682PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                RT_ICON0xca8d40x10828dBase III DBT, version number 0, next free block index 40
                                RT_ICON0xdb0fc0x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                                RT_ICON0xdf3240x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                RT_ICON0xe18cc0x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 2583634198, next used block 268378390
                                RT_ICON0xe29740x468GLS_BINARY_LSB_FIRST
                                RT_GROUP_ICON0xe2ddc0x5adata
                                RT_GROUP_ICON0xe2e380x3edata
                                RT_VERSION0xe2e780x370data
                                RT_MANIFEST0xe31e80x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                Imports

                                DLLImport
                                mscoree.dll_CorExeMain

                                Version Infos

                                DescriptionData
                                Translation0x0000 0x04b0
                                LegalCopyrightCopyright Kanal 2 2012
                                Assembly Version2.0.0.0
                                InternalNameDictionaryValueCollection.exe
                                FileVersion2.0.0.0
                                CompanyNameKanal 2
                                LegalTrademarks
                                Comments
                                ProductNameeg2012
                                ProductVersion2.0.0.0
                                FileDescriptioneg2012
                                OriginalFilenameDictionaryValueCollection.exe

                                Network Behavior

                                Snort IDS Alerts

                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                06/09/21-10:36:21.025415TCP2025019ET TROJAN Possible NanoCore C2 60B497156060192.168.2.3194.5.98.87
                                06/09/21-10:36:27.238432TCP2025019ET TROJAN Possible NanoCore C2 60B497176060192.168.2.3194.5.98.87
                                06/09/21-10:36:33.643583TCP2025019ET TROJAN Possible NanoCore C2 60B497276060192.168.2.3194.5.98.87
                                06/09/21-10:36:39.965819TCP2025019ET TROJAN Possible NanoCore C2 60B497336060192.168.2.3194.5.98.87
                                06/09/21-10:36:47.045107TCP2025019ET TROJAN Possible NanoCore C2 60B497366060192.168.2.3194.5.98.87
                                06/09/21-10:36:53.291694TCP2025019ET TROJAN Possible NanoCore C2 60B497426060192.168.2.3194.5.98.87
                                06/09/21-10:36:59.519297TCP2025019ET TROJAN Possible NanoCore C2 60B497436060192.168.2.3194.5.98.87
                                06/09/21-10:37:05.825337TCP2025019ET TROJAN Possible NanoCore C2 60B497476060192.168.2.3194.5.98.87
                                06/09/21-10:37:12.192676TCP2025019ET TROJAN Possible NanoCore C2 60B497526060192.168.2.3194.5.98.87
                                06/09/21-10:37:19.250964TCP2025019ET TROJAN Possible NanoCore C2 60B497536060192.168.2.3194.5.98.87
                                06/09/21-10:37:30.459866TCP2025019ET TROJAN Possible NanoCore C2 60B497556060192.168.2.3194.5.98.87
                                06/09/21-10:37:36.867895TCP2025019ET TROJAN Possible NanoCore C2 60B497566060192.168.2.3194.5.98.87
                                06/09/21-10:37:43.200507TCP2025019ET TROJAN Possible NanoCore C2 60B497616060192.168.2.3194.5.98.87
                                06/09/21-10:37:49.441608TCP2025019ET TROJAN Possible NanoCore C2 60B497626060192.168.2.3194.5.98.87
                                06/09/21-10:37:55.708033TCP2025019ET TROJAN Possible NanoCore C2 60B497636060192.168.2.3194.5.98.87
                                06/09/21-10:38:01.940654TCP2025019ET TROJAN Possible NanoCore C2 60B497646060192.168.2.3194.5.98.87
                                06/09/21-10:38:07.998819TCP2025019ET TROJAN Possible NanoCore C2 60B497656060192.168.2.3194.5.98.87

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jun 9, 2021 10:36:20.278894901 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:20.497256994 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:20.497406006 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:21.025414944 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:21.307878971 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:21.308171034 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:21.515808105 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:21.515995026 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:21.578834057 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:21.785729885 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:21.785798073 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.006258965 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.006345987 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.288290024 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.288491011 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.568294048 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.568470001 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.610862970 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.610958099 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.611314058 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.611386061 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.611453056 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.611474037 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.611524105 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.611546040 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.702630997 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.834319115 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.834400892 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.852669954 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.852750063 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.852941990 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.852986097 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.861932039 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.862026930 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.862586975 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.862639904 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.862936974 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.863399029 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.863615036 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.863683939 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.863935947 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.863982916 CEST606049715194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:22.863991022 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:22.864020109 CEST497156060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.019439936 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.237756014 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:27.237894058 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.238431931 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.508985996 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:27.509912014 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.610074997 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:27.610152006 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.789401054 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:27.789505959 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:27.889475107 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:27.889585972 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.022054911 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.022186041 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.169262886 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.169471979 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.284943104 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.285156965 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.439126968 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.439287901 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.473059893 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.473227024 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.473345995 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.473396063 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.473479033 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.473521948 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.473612070 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.473664999 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.555447102 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.555515051 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.707134008 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.707173109 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.707190990 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.707207918 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.707328081 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.707380056 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.707458019 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.707516909 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.716397047 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.716522932 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.716551065 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.716588020 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.716618061 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.716677904 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.820178032 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.820348024 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.940015078 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.940057039 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.940102100 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.940154076 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.940205097 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.941556931 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.941610098 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.942374945 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.942442894 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.942563057 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.942615986 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.943963051 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.944020987 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.944880962 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.944914103 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.944958925 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.944979906 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.952207088 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.952308893 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.952441931 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.952543974 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.952586889 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.952681065 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.953361034 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.953444958 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.954946041 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.955054045 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.955127954 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.955173969 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:28.955852985 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:28.955905914 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.109390020 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.109503031 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.155550957 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.186507940 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.186604023 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.199563980 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.199659109 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.200375080 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.200452089 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.200475931 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.200544119 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.201953888 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.201986074 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.202011108 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.202258110 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.202445984 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.202502012 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.202590942 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.202641010 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.203725100 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.203778982 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.203960896 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.204020023 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.204819918 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.206058025 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.206087112 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.206098080 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.206145048 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.206173897 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.206739902 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.206796885 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.207051039 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.207103968 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.207371950 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.207421064 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217036009 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217080116 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217111111 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217161894 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217231989 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217256069 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217272997 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217312098 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217364073 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217386961 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.217430115 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.217456102 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.222970963 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.223007917 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.223042011 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.223071098 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.223172903 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.223198891 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.223234892 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.223262072 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.223328114 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.223390102 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.224911928 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.224982023 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.225876093 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.225939035 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.228219032 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.228292942 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.230072975 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.230123043 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:29.230885029 CEST606049717194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:29.230951071 CEST497176060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:33.411469936 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:33.642741919 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:33.642848015 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:33.643583059 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:33.929039001 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:33.929124117 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.017446995 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.017607927 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.228952885 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.229103088 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.300919056 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.301007986 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.470468998 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.470608950 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.588701963 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.588773012 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.777281046 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.777407885 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.867338896 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.912072897 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.912127018 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.912237883 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.912254095 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.912282944 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:34.912329912 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.912341118 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:34.912345886 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.062568903 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.062764883 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.162166119 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.162409067 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.170721054 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.170767069 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.170845985 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.170871973 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.170881033 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.170928001 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.171065092 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.171120882 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.173860073 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.173906088 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.173943996 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.173966885 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.173974037 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.174024105 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.343833923 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.343923092 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.418091059 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.418154955 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.418195009 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.418222904 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.418267965 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.418277025 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.423852921 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.423908949 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.423913002 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.423953056 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.432967901 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.433041096 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.433934927 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.433976889 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.434005976 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.434035063 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.435929060 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.435976982 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.435983896 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.436037064 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.436722040 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.436784983 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.436954021 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.437017918 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.437757969 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.437810898 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.438810110 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.438852072 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.438860893 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.438899040 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.438963890 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.439013004 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.483897924 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.629180908 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.629267931 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.667323112 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.667407990 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.668669939 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.668740988 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.670032024 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.670124054 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.670192957 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.670241117 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.672278881 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.672342062 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.672360897 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.672405958 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.676836967 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.676925898 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.677864075 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.677920103 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.678349018 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.678400993 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.678549051 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.678599119 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.679497004 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.679549932 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.680265903 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.680319071 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693295002 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693339109 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693373919 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693377972 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693402052 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693417072 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693418980 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693458080 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693471909 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693499088 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693502903 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693567991 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.693583965 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.693635941 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.694288969 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.694343090 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.695379972 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.695420980 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.695432901 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.695466995 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.696628094 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.696683884 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.697911024 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.698004007 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.706907034 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.706962109 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.707225084 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.707273006 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.707300901 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.707324028 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.709275007 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.709337950 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.709621906 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.709665060 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.709681034 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.709703922 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.709705114 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.709743977 CEST606049727194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:35.709758043 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:35.709788084 CEST497276060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:39.743499041 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:39.963964939 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:39.965318918 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:39.965818882 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:40.247258902 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:40.249767065 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:40.317459106 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:40.323101997 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:40.529381037 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:40.531025887 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:40.753343105 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:40.753565073 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.020376921 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.020462990 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.290843964 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.290965080 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.324996948 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.325031042 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.325042963 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.325176001 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.326801062 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.326880932 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.550033092 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.550064087 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.550137043 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.550890923 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.550952911 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.563877106 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.563918114 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.563977003 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.564407110 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.564455032 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.565452099 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.565506935 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.566804886 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.566849947 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.783618927 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.783719063 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.784825087 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.784881115 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.784948111 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.784995079 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.785350084 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.785398006 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.785552979 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.785600901 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.785686970 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.785731077 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.808044910 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.808115959 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.808886051 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.808929920 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.808952093 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.809061050 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.809088945 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.809101105 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.809216022 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.810730934 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.810797930 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.811815023 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.811889887 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.811916113 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.811996937 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.812155008 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.812206984 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.812424898 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:41.812479973 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:41.843763113 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.015882969 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.015959978 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.016433954 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.016479015 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.016522884 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.016562939 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.017946959 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.018004894 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.026576042 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.026628971 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.026643038 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.026679993 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.027245045 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.027296066 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.027462959 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.027509928 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.028995991 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.029036999 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.029052019 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.029081106 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.029164076 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.029211998 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.030688047 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.030770063 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.030846119 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.030894995 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.031037092 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.031074047 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.031085014 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.031136036 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.032360077 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.032409906 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.045800924 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.045851946 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.045876980 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.045909882 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.046359062 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.046401024 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.047913074 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.047964096 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.048110008 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.048156023 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.048331022 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.048379898 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.048449039 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.048501968 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.049720049 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.049803019 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.050873995 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.050957918 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.051018953 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.051095963 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.051837921 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.051928043 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.052980900 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.053039074 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.053811073 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.053895950 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.054784060 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.054879904 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.054932117 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.054987907 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:42.055457115 CEST606049733194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:42.055553913 CEST497336060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:46.825064898 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.044389009 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:47.044507027 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.045106888 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.329052925 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:47.329242945 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.379492044 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:47.379652023 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.603440046 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:47.603522062 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:47.827928066 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:47.828069925 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.110213995 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.110307932 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.388876915 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.388974905 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.408370018 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.408482075 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.423052073 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.423084974 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.423172951 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.423196077 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.423697948 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.423779964 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.633565903 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.633658886 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.634370089 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.634478092 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.666470051 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.666565895 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.668152094 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.668215036 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.668235064 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.668286085 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.668942928 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.669024944 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.669038057 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.669101000 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.669698954 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.669770002 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.813218117 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.866427898 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.866456032 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.866558075 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.866580963 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.866652012 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.867469072 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.867824078 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.911962032 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.912075043 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.912103891 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.912163973 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.912275076 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.912343025 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.917503119 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.917531013 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.917608976 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.919023037 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.919806004 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.919891119 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.919910908 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.919969082 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.929183960 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.929214001 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.929234982 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.929303885 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.929342031 CEST606049736194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:48.929402113 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:48.929435015 CEST497366060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.072480917 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.290703058 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:53.291001081 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.291693926 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.568947077 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:53.569112062 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.665788889 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:53.665987968 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.848997116 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:53.849438906 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:53.937880993 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:53.938688040 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.071080923 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.072601080 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.211837053 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.212317944 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.336836100 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.337445021 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.485877991 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.487874031 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.504584074 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.504653931 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.504910946 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.513317108 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.513360023 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.513504982 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.610920906 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.731604099 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.732883930 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.732928038 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.733164072 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.733319044 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.735063076 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.741308928 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.743000984 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.743112087 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.743639946 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.744378090 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.744489908 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.963843107 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.964464903 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.976418972 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.976459980 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.976624012 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.978013039 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.978210926 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.986237049 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986336946 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986507893 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.986582041 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986599922 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986617088 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986670017 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.986723900 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.986728907 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986762047 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986831903 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.986931086 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.986995935 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.992809057 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.992830038 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.992917061 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.992945910 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:54.992986917 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.993036985 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:54.993052006 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.200983047 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.201026917 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.201245070 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.203142881 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.203305006 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.204495907 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.225003958 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.225069046 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.225111961 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.225307941 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.225933075 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226015091 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226077080 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226139069 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226488113 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226556063 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226558924 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226619959 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226793051 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226855993 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226875067 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226919889 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226937056 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226958990 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.226982117 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.226999998 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.227021933 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.227061987 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.227521896 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.227564096 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.227587938 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.227618933 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.228744030 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.229651928 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.229723930 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.230900049 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.231451035 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.231524944 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.233944893 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.234025002 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.234086990 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.234154940 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.234657049 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.235383034 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.235507965 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.235580921 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.235651016 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.236884117 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.236924887 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.237001896 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.237032890 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.237364054 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.237441063 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.238928080 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.239123106 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.239782095 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.240288019 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.240360975 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.438750982 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.438785076 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.438864946 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.438920975 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.439533949 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.439558029 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.439573050 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.439589024 CEST606049742194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:55.439609051 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:55.439656019 CEST497426060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:59.298363924 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:59.518419981 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:59.518516064 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:59.519296885 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:59.808834076 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:59.808938980 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:36:59.859514952 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:36:59.860800982 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.078982115 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.080284119 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.133234978 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.133393049 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.306066990 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.308312893 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.411604881 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.412905931 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.586592913 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.588952065 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.691299915 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.692883015 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.720002890 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.720055103 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.720232964 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.728912115 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.729434967 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.729583025 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.858886003 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.859380007 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.953316927 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.953591108 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.953886986 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.953977108 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.954024076 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.954108953 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.967690945 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.967725992 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.967761040 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.967803001 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.967855930 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.967861891 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.968832970 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.968872070 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:00.968904018 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:00.968946934 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.140818119 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.140939951 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.196238995 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196280003 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196326017 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196368933 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196429014 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196468115 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.196470022 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.196516991 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.196526051 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.196531057 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.198014975 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.198146105 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.198282957 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.198354959 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.198649883 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.198714972 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.200356007 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.200449944 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.200498104 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.200571060 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.209853888 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.209903002 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.209978104 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.210020065 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.210027933 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.210088968 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.210189104 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.210216999 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.210303068 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.405333042 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.405431986 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.429418087 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.429542065 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.430943012 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.430978060 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.431015968 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.431225061 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.431277037 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.431299925 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.431334972 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.431341887 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.431370974 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.431402922 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.431427956 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.431440115 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440062046 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440102100 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440228939 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440306902 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440349102 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440376043 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440387011 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440421104 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440440893 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440691948 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440732002 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440768003 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440768957 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440783978 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440808058 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440824032 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440848112 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.440857887 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440952063 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.440995932 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.441035032 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.441081047 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.441097021 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.441145897 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.441210985 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.442096949 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.442174911 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.443023920 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.443064928 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.443372965 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.444896936 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.444961071 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.444976091 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.445002079 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.445019960 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.445072889 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.445482969 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.445991993 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.446609974 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.446661949 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.447329044 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.448009014 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.448088884 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.449014902 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.449090958 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.449907064 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.449980021 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.511265993 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.660840034 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.660974026 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.674055099 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.674109936 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.674232006 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.674278021 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.674931049 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.675115108 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.676088095 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.676166058 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.676300049 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.676367044 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.676456928 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.676518917 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.676527023 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.676595926 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.678000927 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.678076982 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.678941965 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.678982019 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.679007053 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.679049969 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.680023909 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.680066109 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.680105925 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.680131912 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.680691957 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.680757046 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.680941105 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.681004047 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690076113 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690116882 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690164089 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690174103 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690229893 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690274000 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690311909 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690314054 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690320015 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690371990 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690435886 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690474987 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690490007 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690521955 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690896988 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690939903 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690954924 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.690978050 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.690992117 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.691014051 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.691032887 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.691052914 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.691065073 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.691106081 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.691618919 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.691668034 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.691678047 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.691721916 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.692347050 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.692409039 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.693392038 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.693434954 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.693453074 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.693484068 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.694837093 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.694896936 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.695000887 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.695055962 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.695729017 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.695782900 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.695981026 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.696039915 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.698116064 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.698154926 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.698178053 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.698201895 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.700059891 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.700124025 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.700337887 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.700413942 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.700512886 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.700576067 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.702126026 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.702189922 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.710984945 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711045980 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711093903 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711096048 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711113930 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711154938 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711250067 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711298943 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711314917 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711359024 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711370945 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711426973 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:01.711591005 CEST606049743194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:01.711649895 CEST497436060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:05.586055994 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:05.816296101 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:05.816441059 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:05.825336933 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:06.101968050 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.102060080 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:06.159774065 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.160418987 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:06.379700899 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.381762981 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:06.439672947 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.617002010 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.621397972 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:06.902256966 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:06.902380943 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.188909054 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.189069033 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.221179962 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.221232891 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.221349955 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.221411943 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.222445011 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.222487926 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.222546101 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.222573042 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.472953081 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.473006964 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.473086119 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.473155975 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.473820925 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.473902941 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.473952055 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.474019051 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.474901915 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.474944115 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.474981070 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.475008965 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.475825071 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.475899935 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.476047039 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.476111889 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.689474106 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.726588011 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.726730108 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.727279902 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.727320910 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.727370977 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.727401018 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.727513075 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.727591038 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.729655027 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.729695082 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.729746103 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.729763031 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.729991913 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.730051994 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.731247902 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.731319904 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.731372118 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.731436014 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.732353926 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.732398987 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.732422113 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.732449055 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.732531071 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.732568979 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.732614994 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.732641935 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.732822895 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.732884884 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.733834028 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.733901024 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:07.734767914 CEST606049747194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:07.734833002 CEST497476060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:11.967897892 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.190475941 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.192327023 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.192676067 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.453948975 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.461817980 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.561709881 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.565962076 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.735539913 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.735632896 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.839472055 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.839680910 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:12.965655088 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:12.965815067 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.110373974 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.110466957 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.268179893 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.268258095 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.394378901 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.394458055 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.415781975 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.415863037 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.416557074 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.416639090 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.418205976 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.418282032 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.425846100 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.425956011 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.539290905 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.539367914 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.644072056 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.644157887 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.652997017 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.653053045 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.653745890 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.653804064 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.653882027 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.653924942 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.654084921 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.654136896 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.654139042 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.654191017 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.663007975 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.663063049 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.663075924 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.663150072 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.808944941 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.809077024 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.872395992 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.872502089 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.874057055 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.874336004 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.895262003 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.899866104 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.900021076 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.900295973 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.900460958 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.900528908 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.900656939 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.902033091 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.902925968 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.903978109 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.905081987 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.905191898 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.905241966 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.905985117 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.906133890 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.906977892 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.907151937 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.908853054 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.908905983 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.908996105 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.909014940 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.911341906 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.911448002 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:13.912861109 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:13.912969112 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.071882010 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.073942900 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.081291914 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.120635033 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.120712996 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.120759010 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.120790958 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.121604919 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.122484922 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.127485991 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.130557060 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.130660057 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.137197971 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.137238979 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.141963959 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.145956993 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.146033049 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.146150112 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.146217108 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.146239042 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.146250963 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148031950 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148186922 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148309946 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148365021 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148365021 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148370981 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148375988 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148420095 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148467064 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148511887 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148706913 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148760080 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148812056 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.148827076 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148838997 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148845911 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148852110 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148858070 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.148863077 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.149032116 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.149050951 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.149139881 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.149780989 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.149929047 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.150784016 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.150846004 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.150907040 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.150924921 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.151762962 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.151848078 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.160948992 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161206961 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161262989 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161309004 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161312103 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161319017 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161323071 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161364079 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161381006 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161443949 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161520958 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161529064 CEST606049752194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:14.161535025 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:14.161642075 CEST497526060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:18.462141037 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:18.899518013 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:18.899709940 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:19.250963926 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:19.534590960 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:19.534914970 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:19.624329090 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:19.624636889 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.063782930 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.064008951 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.175818920 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.302274942 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.305246115 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.580385923 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.580524921 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.595362902 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.595479012 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.604794025 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.604824066 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.604840994 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.604907990 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.604954004 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.604963064 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.841949940 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.841999054 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.842108011 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.842156887 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.868011951 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.868218899 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.868885040 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.868988037 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.869072914 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.869091034 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.869103909 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.869164944 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.869229078 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:20.869282961 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:20.869394064 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.088365078 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.088840961 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.109838009 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.109869003 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.109884977 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.109965086 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.109997034 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.123260021 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.123337030 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.123382092 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.123441935 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.124588966 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.124974966 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.124994993 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.125072002 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.125109911 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.126899958 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.126925945 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.126995087 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.127834082 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.127897978 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.128155947 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.128221035 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.128792048 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.128871918 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.129736900 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.129826069 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.129879951 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.129959106 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.325412989 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.325618982 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.331548929 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.339375973 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.339576960 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.353429079 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.353455067 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.353584051 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.362692118 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.362725973 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.362838030 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.364857912 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.364881039 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.364979982 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.365011930 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.365112066 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.365812063 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.365834951 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.365911961 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.373743057 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.373769045 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.373861074 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.382463932 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.382488012 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.382680893 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.383887053 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.383995056 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.384897947 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.384918928 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.385001898 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.385054111 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.385148048 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.385221958 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.385318995 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.386902094 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.386925936 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.387012005 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.387636900 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.387659073 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.387737036 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.389851093 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.389976978 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.393841028 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.393987894 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.394057035 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.394078970 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.394160032 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.394253969 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.394342899 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.399883032 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.399908066 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.399950981 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.400078058 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:21.569468021 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.569500923 CEST606049753194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:21.569681883 CEST497536060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:25.423774004 CEST497546060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:25.643532038 CEST606049754194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:25.643743038 CEST497546060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:25.645133972 CEST497546060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:25.864346981 CEST606049754194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:30.236037970 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:30.458901882 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:30.459079027 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:30.459866047 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:30.743907928 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:30.745816946 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:30.889406919 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:30.889781952 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.028781891 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.029030085 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.163535118 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.163768053 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.250997066 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.300724030 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.443994045 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.444480896 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.710423946 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.710524082 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.735650063 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.735752106 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.737027884 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.737066984 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.737098932 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.737133026 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.737672091 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.737756968 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.969546080 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.969646931 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.969754934 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982578993 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.982652903 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.982696056 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982716084 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982741117 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.982810974 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.982851982 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982871056 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982884884 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.982939959 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:31.982979059 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:31.983510017 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.199009895 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.199099064 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.200809956 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.201566935 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.209873915 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.209925890 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.209964991 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.210007906 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.210038900 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.210078955 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.210902929 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.213691950 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.219481945 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.219547987 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.219659090 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.219660044 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.219747066 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.222796917 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.222886086 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.222963095 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.223087072 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.223181963 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.223304033 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.223344088 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.223373890 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.223381996 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.223397017 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.223454952 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.379734993 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.433865070 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.433931112 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.434103966 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.447869062 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.448137999 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.448376894 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.448498964 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.448548079 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.448637009 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.448662043 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.448749065 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.448935986 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.448977947 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.449043036 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.449104071 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.449867010 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.449992895 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.450926065 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.451039076 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.453871012 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.454010010 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.455142975 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.455298901 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.463540077 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.463701010 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.464858055 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.464905977 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.465075016 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.465084076 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.465174913 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.465275049 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.465334892 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.465369940 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.465428114 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.471021891 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.471070051 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.471261978 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.471304893 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.471338987 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.471417904 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.476005077 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.476056099 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.476176023 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.476248980 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.476290941 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.476392031 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.480940104 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.480979919 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.481096029 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.482062101 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.482136011 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.482204914 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.482223034 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.482247114 CEST606049755194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:32.482258081 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.482306957 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:32.482347012 CEST497556060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:36.636132002 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:36.866781950 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:36.867089987 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:36.867894888 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.152384043 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.152637005 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.252886057 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.252974987 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.449403048 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.449522972 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.535536051 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.535650015 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.685561895 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.685674906 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.827904940 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.827997923 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:37.975816011 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:37.976080894 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.118824005 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.118927002 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.148525000 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.148581028 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.148643017 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.148716927 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.148799896 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.151241064 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.151391029 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.258663893 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.258836985 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.398613930 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.398667097 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.398714066 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.398777962 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.398839951 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.398969889 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.399008989 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.399072886 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.399173021 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.399235964 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.402946949 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.403135061 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.403198957 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.403224945 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.543884039 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.544162989 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.634687901 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.635507107 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.635654926 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.644973040 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.648195028 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.653516054 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.653569937 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.653672934 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.653692961 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.654603004 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.654654980 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.654706001 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.654728889 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.654742956 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.654768944 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.655006886 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.657526016 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.657567978 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.657675982 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.658375025 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.658479929 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.659873009 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.659976006 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.660276890 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.660317898 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.660355091 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.660397053 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.660433054 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.708065033 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.829417944 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.831650972 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.875041962 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.875196934 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.883476973 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.883586884 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.883621931 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.883661032 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.883866072 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.884900093 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.885299921 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.893515110 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.893577099 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.893719912 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.899991035 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.900019884 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.900114059 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.903462887 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.903650045 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.917903900 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.917989969 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.918009996 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.918148041 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.918163061 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.920089006 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.920106888 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.920146942 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.920238972 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.920275927 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.921938896 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.923083067 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.923202038 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.923230886 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.923254013 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.923269033 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.923329115 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.923336983 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.925076008 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.925096035 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.925221920 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.926975012 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.926991940 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927182913 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.927217960 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927285910 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927350998 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.927427053 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927534103 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927587986 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.927594900 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.927902937 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.927975893 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:38.928107023 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.928488970 CEST606049756194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:38.928565025 CEST497566060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:42.977320910 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.198839903 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.199213982 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.200506926 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.488818884 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.489049911 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.570729017 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.570852041 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.757772923 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.757925034 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:43.843852043 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.978898048 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:43.979731083 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.255836964 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.256091118 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.548860073 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.549074888 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.559911013 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.560152054 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.560283899 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.560302973 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.560405970 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.561207056 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.561386108 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.784498930 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.784673929 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.793626070 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.793703079 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.793766022 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.793814898 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.793893099 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.793965101 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.802407980 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.802469969 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.802536964 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.802613020 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.803690910 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.803735971 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:44.803786039 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:44.803809881 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.010023117 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.010260105 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.010387897 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.010504961 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.020976067 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.023488045 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.023632050 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.024285078 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.024410963 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.024437904 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.024482965 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.033912897 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.033993006 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.034040928 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.034109116 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.034914970 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.034984112 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.042013884 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.042098999 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.044841051 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.044914007 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.045818090 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.045883894 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.045938969 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.046010971 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.046797991 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.046868086 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.046895027 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.046924114 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.055725098 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.055847883 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.056643963 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.056735039 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.235778093 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.235913992 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.238065004 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.238157988 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.239248037 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.239310980 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:45.239514112 CEST606049761194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:45.239582062 CEST497616060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:49.211585045 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:49.440898895 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:49.441023111 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:49.441607952 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:49.723815918 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:49.723887920 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:49.817945004 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:49.818057060 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.008773088 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.012271881 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.105937004 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.249522924 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.249624968 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.535669088 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.535860062 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.829436064 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.829660892 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.856659889 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.856712103 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.856980085 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:50.860224962 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.860265970 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:50.860469103 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.103988886 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.104068995 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.104223967 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.104266882 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.105958939 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.106076956 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.106390953 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.106468916 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.106550932 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.106631994 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.113878012 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.113974094 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.113980055 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.114059925 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.122452021 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.122603893 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.209342957 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.340569973 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.340688944 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.342025042 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.342094898 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.342341900 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.342408895 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.343277931 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.343338966 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.351239920 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.351388931 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.352127075 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.352174044 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.352205992 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.352226973 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.352612972 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.352758884 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.353369951 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.353437901 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.354964018 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.355034113 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.356074095 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.356144905 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.357036114 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.357109070 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.357487917 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.357578993 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.358510971 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.358552933 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.358587027 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.358611107 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:51.367490053 CEST606049762194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:51.367747068 CEST497626060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:55.466855049 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:55.706356049 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:55.706635952 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:55.708033085 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:55.997857094 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:55.998008966 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:56.047676086 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:56.047969103 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:56.279438019 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:56.279603958 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:56.522953987 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:56.523121119 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:56.799896002 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:56.801532984 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.091717958 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.091896057 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.127916098 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.128010035 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.128456116 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.128503084 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.128518105 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.128556967 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.129194021 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.129249096 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.373584032 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.373790979 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.378273010 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.378329039 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.378448963 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.379729986 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.379882097 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.380846024 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.380934954 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.380980015 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.381031990 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.390043020 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.390079975 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.390214920 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.521828890 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.608284950 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.608395100 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629307032 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629344940 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629396915 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629439116 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629561901 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629584074 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629628897 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629652977 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629678011 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629699945 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629719973 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629740000 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629755974 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629776001 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.629878044 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.629931927 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.634251118 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.634284973 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.634342909 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.634387016 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.634560108 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.634623051 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.639457941 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.639513016 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.639560938 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.639617920 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.639663935 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:37:57.639794111 CEST606049763194.5.98.87192.168.2.3
                                Jun 9, 2021 10:37:57.639899969 CEST497636060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:01.722718000 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:01.939659119 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:01.939898968 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:01.940654039 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:02.213960886 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:02.214127064 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:02.303828001 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:02.303992987 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:02.483706951 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:02.483854055 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:02.705895901 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:02.706152916 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:02.978247881 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:02.978379965 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.279961109 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.280100107 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.288865089 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.288928986 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.289980888 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.290009975 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.290034056 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.290057898 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.511445045 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.511545897 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.520509958 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.520577908 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.533436060 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.533510923 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.534744978 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.534806013 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.534810066 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.534853935 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.534929037 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.534981012 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.536571980 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.536622047 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.536642075 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.536659956 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.710036039 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.745731115 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.745800018 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.746917963 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.746978998 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.755655050 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.755676985 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.755723953 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.755752087 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.758512020 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.758583069 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.774960995 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.775036097 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.775048018 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.775100946 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.775437117 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.775459051 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.775470972 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.775506973 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.775556087 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.777983904 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778002024 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778070927 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.778299093 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778418064 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.778481960 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778563976 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.778685093 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778726101 CEST606049764194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:03.778763056 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:03.778780937 CEST497646060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:07.771357059 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:07.998034000 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:07.998707056 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:07.998819113 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:08.278026104 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.340904951 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.341283083 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:08.568119049 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.569458961 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:08.848962069 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.867501974 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.867544889 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.867650986 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.867676973 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:08.867685080 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:08.867811918 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.095021009 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.095385075 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.095449924 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.095521927 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.096954107 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.096987963 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.097034931 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.105880022 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.105968952 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.105973005 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.106142998 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.106180906 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.327255964 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.327877998 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.327931881 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.328018904 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.328340054 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.328377962 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.328524113 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.329572916 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.329632044 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.330935955 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.331955910 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.332022905 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.337141991 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.338052034 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.338104963 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.338401079 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.338445902 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.338486910 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.339440107 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.340853930 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.340914011 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.341731071 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.351177931 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.351239920 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.563054085 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563201904 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563257933 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.563271046 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563386917 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563426018 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563450098 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.563469887 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.563505888 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.563749075 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.566359043 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.566402912 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.567941904 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.567959070 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.568026066 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.568883896 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.568902969 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.568968058 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.569166899 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.569184065 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.569221020 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.574173927 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.574192047 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.574256897 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.577506065 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578583002 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578602076 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578624964 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.578763962 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578803062 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.578814983 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578830957 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578851938 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578906059 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.578913927 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.578960896 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.579133987 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.579186916 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.579238892 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.579894066 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.579910994 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.579952955 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.581012011 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.581157923 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.581195116 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.582400084 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.582597971 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.582638979 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.793163061 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.793394089 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.793459892 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.793569088 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.794373035 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.794430971 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.795784950 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.795814991 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.795861006 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.796458006 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.796489000 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.796526909 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.797910929 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.810998917 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.811044931 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.811067104 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.811203003 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.811240911 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.811266899 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.811408043 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.811445951 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.811580896 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.813409090 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.813452005 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.813580990 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.813617945 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.813667059 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.815953970 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816099882 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816138983 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.816144943 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816263914 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816301107 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.816477060 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816494942 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816529036 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.816623926 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.816984892 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.817023039 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.817379951 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.818368912 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.818413019 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.819833040 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.821748018 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.821795940 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.822438002 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.823904037 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.823945045 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.824913979 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.833679914 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.833734035 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.833947897 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.834106922 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.834122896 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.834172964 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.834270000 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.834297895 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.834332943 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.839504004 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839557886 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.839586020 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839603901 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839644909 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.839672089 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839873075 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839894056 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839915991 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.839916945 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.839971066 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:09.840032101 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.840229034 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:09.840270042 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.034454107 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.036025047 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.036053896 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.036097050 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.036230087 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.036329031 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.038060904 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.038707972 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.038729906 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.038759947 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.038789034 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.038835049 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.039381027 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.040463924 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.040507078 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.042495966 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.044019938 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.044050932 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.044105053 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.044317961 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.044491053 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.044542074 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.047640085 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.047697067 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.047703981 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.049534082 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.049650908 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.049694061 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.050369978 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.050437927 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.050503016 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.052570105 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.052598953 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.052797079 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.053420067 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.054451942 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.054482937 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.054510117 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.054559946 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.055427074 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.064181089 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.064244986 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.065001965 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065399885 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065449953 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.065597057 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065614939 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065659046 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.065757990 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065778017 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.065810919 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.066016912 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.066046000 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.066066027 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.066067934 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.066112995 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.066133976 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.066289902 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.066346884 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.066704988 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.067967892 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.068022966 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.068325996 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.068705082 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.068747997 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.070131063 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.070203066 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.070496082 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.077855110 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.077922106 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.078172922 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.078948975 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.079267025 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.079309940 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.261219025 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.281487942 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.281557083 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.281673908 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.281719923 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.281748056 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.281811953 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.283420086 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.284077883 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.284377098 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.284578085 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.284653902 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.286052942 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.286958933 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287070036 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.287190914 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287379980 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287415028 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287489891 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287491083 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.287542105 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.287612915 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.288139105 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.288191080 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.288264990 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.288548946 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.288891077 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.289387941 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.290961027 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.291079044 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.291481018 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.293109894 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.293148994 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.293237925 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.293433905 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.293992043 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.294083118 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.294434071 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.294507027 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.296067953 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.296941996 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.297082901 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.297178984 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.298943043 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.299004078 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.299076080 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.300010920 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.301182985 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.301204920 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.301223993 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.301333904 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.302114964 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.302155972 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.302246094 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.303023100 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.303065062 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.303236961 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.303472996 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.304552078 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.304662943 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.304840088 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.305891991 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.307079077 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.307199955 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.307267904 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.307985067 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.308139086 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.308209896 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.309004068 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.309067011 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.309499025 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.310969114 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.311028004 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.311182976 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.366374016 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.508737087 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.508812904 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.508953094 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.516971111 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.517028093 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.517066956 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.517230988 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.534588099 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534723043 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534770966 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534800053 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.534812927 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534853935 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534869909 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.534897089 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534935951 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.534954071 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.534972906 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.535012960 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.535027027 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.535060883 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.537425041 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.537575006 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.537873030 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.539089918 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.542347908 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.542453051 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.545027018 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545265913 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545309067 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545347929 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545393944 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545409918 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.545433044 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.545656919 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545698881 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.545715094 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.548774958 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.548863888 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.550039053 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.550085068 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.550179958 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.555149078 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555211067 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555253029 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555286884 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.555291891 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555330038 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555367947 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555388927 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.555406094 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555423975 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.555444956 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555483103 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555500031 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.555531979 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.555625916 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.556731939 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.557735920 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.558324099 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.559282064 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.559461117 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.559499979 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.559597015 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.559837103 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.560843945 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.560890913 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.560966015 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.560990095 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.565113068 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.565161943 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.566396952 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.571645021 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.571790934 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572076082 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572119951 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572201967 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572422981 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572487116 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572527885 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572563887 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572566032 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572586060 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572606087 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572637081 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572654009 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.572750092 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.572850943 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.573071957 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.573113918 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.573151112 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.573167086 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.573199034 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.573230982 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.573240995 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:10.573266983 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.573329926 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:10.748773098 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:11.017527103 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:11.111726999 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:11.125700951 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:11.350538969 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:11.359554052 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:11.588969946 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:11.591084957 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:11.811913013 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:11.812042952 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:12.088253975 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:12.088383913 CEST497656060192.168.2.3194.5.98.87
                                Jun 9, 2021 10:38:12.356621027 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:13.225867987 CEST606049765194.5.98.87192.168.2.3
                                Jun 9, 2021 10:38:13.272934914 CEST497656060192.168.2.3194.5.98.87

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jun 9, 2021 10:36:02.655715942 CEST5598453192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:02.698004961 CEST53559848.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:03.640913963 CEST6418553192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:03.683454990 CEST53641858.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:05.146358967 CEST6511053192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:05.190650940 CEST53651108.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:06.131125927 CEST5836153192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:06.173707962 CEST53583618.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:12.328316927 CEST6349253192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:12.372397900 CEST53634928.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:13.740787983 CEST6083153192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:13.783344030 CEST53608318.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:15.739696980 CEST6010053192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:15.782198906 CEST53601008.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:20.047811985 CEST5319553192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:20.264655113 CEST53531958.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:26.807152987 CEST5014153192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:27.016743898 CEST53501418.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:27.054666996 CEST5302353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:27.097677946 CEST53530238.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:28.530730009 CEST4956353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:28.576335907 CEST53495638.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:29.834455013 CEST5135253192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:29.877003908 CEST53513528.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:31.234874964 CEST5934953192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:31.277954102 CEST53593498.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:32.169289112 CEST5708453192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:32.211476088 CEST53570848.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:32.655452013 CEST5882353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:32.700154066 CEST53588238.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:33.197031021 CEST5756853192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:33.408946037 CEST53575688.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:33.591783047 CEST5054053192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:33.634377003 CEST53505408.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:34.537992954 CEST5436653192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:34.580698013 CEST53543668.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:35.894808054 CEST5303453192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:35.937314987 CEST53530348.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:37.218290091 CEST5776253192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:37.261087894 CEST53577628.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:39.484498024 CEST5543553192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:39.529063940 CEST53554358.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:39.532572031 CEST5071353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:39.741951942 CEST53507138.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:42.846616983 CEST5613253192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:42.889030933 CEST53561328.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:44.394973040 CEST5898753192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:44.437268019 CEST53589878.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:46.335578918 CEST5657953192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:46.378822088 CEST53565798.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:48.167681932 CEST6063353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:48.191525936 CEST6129253192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:48.218827009 CEST53606338.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:48.235430956 CEST53612928.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:50.734936953 CEST6361953192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:50.777770042 CEST53636198.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:50.890386105 CEST6493853192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:50.933078051 CEST53649388.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:52.063003063 CEST6194653192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:52.105932951 CEST53619468.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:52.856112957 CEST6491053192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:53.070564985 CEST53649108.8.8.8192.168.2.3
                                Jun 9, 2021 10:36:59.254034042 CEST5212353192.168.2.38.8.8.8
                                Jun 9, 2021 10:36:59.297163963 CEST53521238.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:04.701843977 CEST5613053192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:04.745234013 CEST53561308.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:05.541382074 CEST5633853192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:05.584774017 CEST53563388.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:08.324937105 CEST5942053192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:08.369405985 CEST53594208.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:11.751173019 CEST5878453192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:11.966873884 CEST53587848.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:18.215631962 CEST6397853192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:18.426738977 CEST53639788.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:25.377041101 CEST6293853192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:25.420192003 CEST53629388.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:30.022260904 CEST5570853192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:30.233668089 CEST53557088.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:36.421251059 CEST5680353192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:36.634321928 CEST53568038.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:39.821501970 CEST5714553192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:39.865470886 CEST53571458.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:40.565571070 CEST5535953192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:40.616491079 CEST53553598.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:40.689285040 CEST5830653192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:40.741725922 CEST53583068.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:42.055051088 CEST6412453192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:42.105699062 CEST53641248.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:42.762809992 CEST4936153192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:42.976070881 CEST53493618.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:49.167521000 CEST6315053192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:49.210297108 CEST53631508.8.8.8192.168.2.3
                                Jun 9, 2021 10:37:55.253063917 CEST5327953192.168.2.38.8.8.8
                                Jun 9, 2021 10:37:55.461719990 CEST53532798.8.8.8192.168.2.3
                                Jun 9, 2021 10:38:01.676273108 CEST5688153192.168.2.38.8.8.8
                                Jun 9, 2021 10:38:01.719487906 CEST53568818.8.8.8192.168.2.3
                                Jun 9, 2021 10:38:07.727155924 CEST5364253192.168.2.38.8.8.8
                                Jun 9, 2021 10:38:07.770628929 CEST53536428.8.8.8192.168.2.3

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                Jun 9, 2021 10:36:20.047811985 CEST192.168.2.38.8.8.80xb33eStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:26.807152987 CEST192.168.2.38.8.8.80x146dStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:33.197031021 CEST192.168.2.38.8.8.80x5156Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:39.532572031 CEST192.168.2.38.8.8.80x6289Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:46.335578918 CEST192.168.2.38.8.8.80x64b2Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:52.856112957 CEST192.168.2.38.8.8.80xcdf1Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:59.254034042 CEST192.168.2.38.8.8.80xb180Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:05.541382074 CEST192.168.2.38.8.8.80x944fStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:11.751173019 CEST192.168.2.38.8.8.80xdf89Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:18.215631962 CEST192.168.2.38.8.8.80xdc0fStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:25.377041101 CEST192.168.2.38.8.8.80xdd4Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:30.022260904 CEST192.168.2.38.8.8.80x35f2Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:36.421251059 CEST192.168.2.38.8.8.80x97c0Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:42.762809992 CEST192.168.2.38.8.8.80x231cStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:49.167521000 CEST192.168.2.38.8.8.80x8da4Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:55.253063917 CEST192.168.2.38.8.8.80x182fStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:38:01.676273108 CEST192.168.2.38.8.8.80x48bcStandard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)
                                Jun 9, 2021 10:38:07.727155924 CEST192.168.2.38.8.8.80x458Standard query (0)kkmmtt.duckdns.orgA (IP address)IN (0x0001)

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                Jun 9, 2021 10:36:20.264655113 CEST8.8.8.8192.168.2.30xb33eNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:27.016743898 CEST8.8.8.8192.168.2.30x146dNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:33.408946037 CEST8.8.8.8192.168.2.30x5156No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:39.741951942 CEST8.8.8.8192.168.2.30x6289No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:46.378822088 CEST8.8.8.8192.168.2.30x64b2No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:53.070564985 CEST8.8.8.8192.168.2.30xcdf1No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:36:59.297163963 CEST8.8.8.8192.168.2.30xb180No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:05.584774017 CEST8.8.8.8192.168.2.30x944fNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:11.966873884 CEST8.8.8.8192.168.2.30xdf89No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:18.426738977 CEST8.8.8.8192.168.2.30xdc0fNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:25.420192003 CEST8.8.8.8192.168.2.30xdd4No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:30.233668089 CEST8.8.8.8192.168.2.30x35f2No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:36.634321928 CEST8.8.8.8192.168.2.30x97c0No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:39.865470886 CEST8.8.8.8192.168.2.30x99ffNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                Jun 9, 2021 10:37:42.976070881 CEST8.8.8.8192.168.2.30x231cNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:49.210297108 CEST8.8.8.8192.168.2.30x8da4No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:37:55.461719990 CEST8.8.8.8192.168.2.30x182fNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:38:01.719487906 CEST8.8.8.8192.168.2.30x48bcNo error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)
                                Jun 9, 2021 10:38:07.770628929 CEST8.8.8.8192.168.2.30x458No error (0)kkmmtt.duckdns.org194.5.98.87A (IP address)IN (0x0001)

                                Code Manipulations

                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                Analysis Process: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 6140 Parent PID: 5584

                                General

                                Start time:10:36:00
                                Start date:09/06/2021
                                Path:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                Wow64 process (32bit):true
                                Commandline:'C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe'
                                Imagebase:0x830000
                                File size:919552 bytes
                                MD5 hash:FB1EB909E34C22F21310565CF4B71563
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, Author: Joe Security
                                • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.234767836.0000000003EF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.234244146.0000000002F17000.00000004.00000001.sdmp, Author: Joe Security
                                Reputation:low

                                Chronological Activities

                                Analysis Process: schtasks.exe PID: 5904 Parent PID: 6140

                                General

                                Start time:10:36:15
                                Start date:09/06/2021
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KbWjJvsRSE' /XML 'C:\Users\user\AppData\Local\Temp\tmp220B.tmp'
                                Imagebase:0xf40000
                                File size:185856 bytes
                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Chronological Activities

                                Analysis Process: conhost.exe PID: 1832 Parent PID: 5904

                                General

                                Start time:10:36:15
                                Start date:09/06/2021
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6b2800000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Chronological Activities

                                Analysis Process: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 1084 Parent PID: 6140

                                General

                                Start time:10:36:16
                                Start date:09/06/2021
                                Path:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\Desktop\POInvoiceOrderIuVvcl0VWEOAmXy.exe
                                Imagebase:0xc60000
                                File size:919552 bytes
                                MD5 hash:FB1EB909E34C22F21310565CF4B71563
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: NanoCore, Description: unknown, Source: 00000004.00000002.463995578.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000004.00000002.471906228.0000000005730000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: NanoCore, Description: unknown, Source: 00000004.00000000.232483645.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000004.00000002.472266831.0000000005C50000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.471023992.000000000433F000.00000004.00000001.sdmp, Author: Joe Security
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: NanoCore, Description: unknown, Source: 00000004.00000000.231248149.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.472281390.0000000005C60000.00000004.00000001.sdmp, Author: Joe Security
                                Reputation:low

                                Chronological Activities

                                Disassembly

                                Code Analysis

                                Reset < >

                                  Analysis Process: POInvoiceOrderIuVvcl0VWEOAmXy.exe PID: 6140 Parent PID: 5584 POInvoiceOrderIuVvcl0VWEOAmXy.exeCOMMON

                                  Executed Functions

                                  Function 050E0AA0, Relevance: 29.5, Strings: 18, Instructions: 7006COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: "Uq$$41q$<m/q$<m/q$<m/q$<m/q$<m/q$<m/q$<m/q$\T/q$w/q$w/q$w/q$w/q$w/q$w/q$w/q$w/q
                                  • API String ID: 0-3141369890
                                  • Opcode ID: f5666e72d5a8af4d7c85b09f54683990696b7def6e192294bc0f1ded32076856
                                  • Instruction ID: 089dd0c5b8582011e90f7561f7de4c847f0f196d3eaafc2a32e213dc686b3cb7
                                  • Opcode Fuzzy Hash: f5666e72d5a8af4d7c85b09f54683990696b7def6e192294bc0f1ded32076856
                                  • Instruction Fuzzy Hash: 45F3C974A41218CFDB64DF24C894BA9B7B2FF89305F1184E9D809AB361CB71AE95CF11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0A93, Relevance: 29.5, Strings: 18, Instructions: 7005COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: "Uq$$41q$<m/q$<m/q$<m/q$<m/q$<m/q$<m/q$<m/q$\T/q$w/q$w/q$w/q$w/q$w/q$w/q$w/q$w/q
                                  • API String ID: 0-3141369890
                                  • Opcode ID: b3a3a37b1e480bcfa65882beb8911285c705b47ecde5bcccdc56fef19234306b
                                  • Instruction ID: 18e06417e7ad40b28b0369fba8060194e73042784c267ed098282d6511487381
                                  • Opcode Fuzzy Hash: b3a3a37b1e480bcfa65882beb8911285c705b47ecde5bcccdc56fef19234306b
                                  • Instruction Fuzzy Hash: 21F3C974A41218CFDB64DF24C894BA9B7B2FF89305F1184E9D809AB361CB71AE95CF11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E85A0, Relevance: 14.3, Strings: 11, Instructions: 551COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: X$kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr
                                  • API String ID: 0-3972231804
                                  • Opcode ID: 2d694a93d378ebe0471b15598786d502339c275ded0c6f01d014bfd4450a2b8c
                                  • Instruction ID: 8ba997c88fe5230359d8c385ff028630712e17c2dbe8fdc350c3a3bc62d36c32
                                  • Opcode Fuzzy Hash: 2d694a93d378ebe0471b15598786d502339c275ded0c6f01d014bfd4450a2b8c
                                  • Instruction Fuzzy Hash: B942A174E00218DFEB54DFA9D994B9DBBF2BF88300F24C1AAD509AB255DB709981CF10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E8280, Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: X$kr$X1kr
                                  • API String ID: 0-3132599531
                                  • Opcode ID: c53e3c6731015041026ddf98284a8ce01de6bbc4a5764c9a18d550f5cd0ebad1
                                  • Instruction ID: 574be6c8778d6c738f30e7e53595256fac13657138142285fcaf7e8adf1eb277
                                  • Opcode Fuzzy Hash: c53e3c6731015041026ddf98284a8ce01de6bbc4a5764c9a18d550f5cd0ebad1
                                  • Instruction Fuzzy Hash: 25A1B1B5E002188FDB14DFAAD950BEEBBF2BF88300F24D0AAD508A7255DB355941CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E8271, Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: X$kr$X1kr
                                  • API String ID: 0-3132599531
                                  • Opcode ID: 8aa6e5d8a76f4195b6614bdb77b225b8672b4dd744ec3446a88920d83b30d999
                                  • Instruction ID: faa2dc7efd7ed42f4ad8f43c53f452f05f56450d6f9070d83df5acb1c5a3ec80
                                  • Opcode Fuzzy Hash: 8aa6e5d8a76f4195b6614bdb77b225b8672b4dd744ec3446a88920d83b30d999
                                  • Instruction Fuzzy Hash: 5681C171E002189FEB14DFAAD9447DDBBF2BF88300F24C0AAD509AB295DB755A45CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF152F, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                  Download Yara Rule
                                  APIs
                                  • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04EF15AF
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: AdjustPrivilegesToken
                                  • String ID:
                                  • API String ID: 2874748243-0
                                  • Opcode ID: f7b8827c3884112fb6f61d5dc8a2f626bc4b21326cd7f734d2837d667eb40536
                                  • Instruction ID: 3c5a011921a8f16d2f3df20d7f198ef665fb26b262d4ba8be0baf79706699367
                                  • Opcode Fuzzy Hash: f7b8827c3884112fb6f61d5dc8a2f626bc4b21326cd7f734d2837d667eb40536
                                  • Instruction Fuzzy Hash: 4621A176509784AFDB228F25DC40B52BFF4EF06314F0885DAEA858F163D275A908DB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF16B1, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04EF171D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: InformationQuerySystem
                                  • String ID:
                                  • API String ID: 3562636166-0
                                  • Opcode ID: b82e467e9b7db45dadf45a0c798c0011ffa0d1445bb48ddb076e48764900b609
                                  • Instruction ID: 184ed86baa7af0108a644fc172148197ba0e626a37b99f5017842455709715c9
                                  • Opcode Fuzzy Hash: b82e467e9b7db45dadf45a0c798c0011ffa0d1445bb48ddb076e48764900b609
                                  • Instruction Fuzzy Hash: CE118E724097C4AFDB228F24DC45A52FFB4EF06324F09C4DAEE844B163D275A918DB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF1566, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                  Download Yara Rule
                                  APIs
                                  • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04EF15AF
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: AdjustPrivilegesToken
                                  • String ID:
                                  • API String ID: 2874748243-0
                                  • Opcode ID: dfb848b4bea1633eb00ba752b9375a7b9d13b2738e3ec8027d1a09d89aa05819
                                  • Instruction ID: 5544b88a8620051e46701865d75249f82f1589e31eea440467cde5c260c4c7a2
                                  • Opcode Fuzzy Hash: dfb848b4bea1633eb00ba752b9375a7b9d13b2738e3ec8027d1a09d89aa05819
                                  • Instruction Fuzzy Hash: 05115E71900604DFDB20CF65DC84B66FFE4EF04220F08C4AAEE468B652D275F818DB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100B51E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0100B56E
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: NameUser
                                  • String ID:
                                  • API String ID: 2645101109-0
                                  • Opcode ID: 48671763b15938ed42fce9d806747182edaa589b8c98354822ca7243dbc993d6
                                  • Instruction ID: 6ca3c03e37578c8852fe20ca04104495dec0a1ed97f7d56ae3603579f336952b
                                  • Opcode Fuzzy Hash: 48671763b15938ed42fce9d806747182edaa589b8c98354822ca7243dbc993d6
                                  • Instruction Fuzzy Hash: 18014B76500600ABD610DF16DC86B26FBA8EB88A20F14816AED085B741E375B916CBE6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF16E2, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04EF171D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: InformationQuerySystem
                                  • String ID:
                                  • API String ID: 3562636166-0
                                  • Opcode ID: 0c3b3d3b481656581c298b85a53b96baf2f2e26d5edf978f9adb54ffdfe3322a
                                  • Instruction ID: 60a801744e7e06391b463af81ab5d56dc5078d6b8ac1e2c7b79a9c556157ed6c
                                  • Opcode Fuzzy Hash: 0c3b3d3b481656581c298b85a53b96baf2f2e26d5edf978f9adb54ffdfe3322a
                                  • Instruction Fuzzy Hash: 7001AD35500A44DFDB208F15DC84B66FFA4EF09320F08D4AADE890B252D2B6A818DF72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F9340, Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: Rn\@
                                  • API String ID: 0-1658564055
                                  • Opcode ID: aff11efc49dfbeb679e387550d99715e5bba1d45cd7869ad43685b2618c6cdac
                                  • Instruction ID: b9ae28bb59324c89b9ac4dc687046a6dd0995e5c43d162dcca88594f3e03f8b3
                                  • Opcode Fuzzy Hash: aff11efc49dfbeb679e387550d99715e5bba1d45cd7869ad43685b2618c6cdac
                                  • Instruction Fuzzy Hash: 9EA126B4C0520ADFDB04CFAAD5846AEFFB1FF89311F20912AD115AB256D7309A42CF94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FC6E0, Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: :@Dr
                                  • API String ID: 0-3830894600
                                  • Opcode ID: e2404bc1bf3bfeadb7e1aeb8319f3c5940965de013fda57afdc90e29d6ab1253
                                  • Instruction ID: 663f095d35e0c7965d366b8b7a41619c3db41ce6044cc0df2fafac7d0b94d27b
                                  • Opcode Fuzzy Hash: e2404bc1bf3bfeadb7e1aeb8319f3c5940965de013fda57afdc90e29d6ab1253
                                  • Instruction Fuzzy Hash: A171B378E01219DFCB04DFA5E5849AEBBB2FF89311F20A02ED505AB355DB345981CF64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FBCB8, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: B[,B
                                  • API String ID: 0-3511928297
                                  • Opcode ID: 46c3e22bace51b83058f69ee4d52e123338e8c0b0f1acd2ca1f9fa972d83264f
                                  • Instruction ID: b5392cf54b0d9cca838ac33724c7f3caf5e5bb587e9e5c400b9af3243a1da7ac
                                  • Opcode Fuzzy Hash: 46c3e22bace51b83058f69ee4d52e123338e8c0b0f1acd2ca1f9fa972d83264f
                                  • Instruction Fuzzy Hash: 5E511670D06209DFCB04CFA5E6845DEBBF6EB8A321F20A42ED106B7251D7359941CF29
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F289A, Relevance: .4, Instructions: 364COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c768ac7d5a17ef514296caee661447be71c9eb0c99a8163b4739a6b64c4e85f
                                  • Instruction ID: cfa002b09d441ee90c3fb8e2b2e926e99dd559d1681abf68f03a281936959133
                                  • Opcode Fuzzy Hash: 3c768ac7d5a17ef514296caee661447be71c9eb0c99a8163b4739a6b64c4e85f
                                  • Instruction Fuzzy Hash: CFE1CE7090565ADFCB04CFA4C5858AEFFB1FF4A311B2499AEC545AB202C3709A85CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FC0B0, Relevance: .3, Instructions: 310COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 770935640a41b728f5cb8a3535736111d1018f2e6bb5caaa36377163ac604351
                                  • Instruction ID: d4f90206b830f6a88be62a6e5bd8965b41567f1a1e0849438be0c3016d7ac50b
                                  • Opcode Fuzzy Hash: 770935640a41b728f5cb8a3535736111d1018f2e6bb5caaa36377163ac604351
                                  • Instruction Fuzzy Hash: 8BD11774E46218DFDB04CFA4E985BDDBBB1EB49311F20542EE50ABB295D7309981CF28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF228, Relevance: .2, Instructions: 238COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2744411b2eb5edde842c33e29cae3884906c78b5dabe668aeec83d1bfd4a2f8c
                                  • Instruction ID: 84bb4db95f05e45be6d310621449392ee091d0673d1ccd3c3e1a00c1e89570de
                                  • Opcode Fuzzy Hash: 2744411b2eb5edde842c33e29cae3884906c78b5dabe668aeec83d1bfd4a2f8c
                                  • Instruction Fuzzy Hash: 16A105B1D00219CFEB14DFA6E844BEDBBB2BF89314F6090AAD518B7251DB305985CF10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F0A58, Relevance: .2, Instructions: 233COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 98ccb94dc98e6314e4bc3650737e86985f576d082b3979eb7ca77ba1f7685835
                                  • Instruction ID: 80c05b9438119a692ba997ee6d1ac59635d96011dd45496d14095a7b5eafaef9
                                  • Opcode Fuzzy Hash: 98ccb94dc98e6314e4bc3650737e86985f576d082b3979eb7ca77ba1f7685835
                                  • Instruction Fuzzy Hash: 78A15230D0564ADFCB09CFA9C4946ADBFB1FF8A310F24846EC509AB252D734A986CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1218, Relevance: .1, Instructions: 132COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d3e5f62f5a4aa1370b2413cb4568cf4a7da6959ba28bc0fbc86e32695e8bda95
                                  • Instruction ID: 6ccbcb06e3a25e549d8b457c98d004dc97219cc755badded89631c369c2d9dd9
                                  • Opcode Fuzzy Hash: d3e5f62f5a4aa1370b2413cb4568cf4a7da6959ba28bc0fbc86e32695e8bda95
                                  • Instruction Fuzzy Hash: DC514771D0524ACFDB09CFE6C4446AEBBF2EF88311F14906ED515B7252D6349A42CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1228, Relevance: .1, Instructions: 129COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7192b0af90833ff86402d10f2f4f66a8c099239034bd0dce21ab59fc88426137
                                  • Instruction ID: 0daee5fd0420db90d0279c58120a1c2bb7a0da2ac55c2ba2d7c5dc855a124b5b
                                  • Opcode Fuzzy Hash: 7192b0af90833ff86402d10f2f4f66a8c099239034bd0dce21ab59fc88426137
                                  • Instruction Fuzzy Hash: B35125B5D0424ACFDB08CFE6C5406AEBBF2EB88311F14906ED519B7255D7349A42CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FB968, Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35e1304d33de831ddb096cf5e69bce0674c45c0fdcae572eced0e863ba94696b
                                  • Instruction ID: 03f6dc3cf1e467b385869234da7c15b833c214876cd78b5320262e04e6dc3af6
                                  • Opcode Fuzzy Hash: 35e1304d33de831ddb096cf5e69bce0674c45c0fdcae572eced0e863ba94696b
                                  • Instruction Fuzzy Hash: E3317A70D15209CFCB44CFA9E5845EEFBF5EB8E261F20A42ED109B7245D73099128F28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F0070, Relevance: .1, Instructions: 80COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4a470e0c43311ba66d2bf4e643a05e82cc90ae81c2e5317b20b6182d1d1a3db1
                                  • Instruction ID: a6665c5c9cb0610711120b2cf365e84d4b8398f79cda7e8c82167de8508330db
                                  • Opcode Fuzzy Hash: 4a470e0c43311ba66d2bf4e643a05e82cc90ae81c2e5317b20b6182d1d1a3db1
                                  • Instruction Fuzzy Hash: 703107B0E016188FEB58CF6BD840B9EBBB7FFC9300F14C1AAD508A6255DB301A818F51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1B48, Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53c5dd6083f3572cd506eaf85dfafc9f822a006b4d24d6cc134d8e5dbef5e251
                                  • Instruction ID: d0e5a6ce9f03c1187e057aa50b61509a78a68226d0f85235f09f3bb48f0b1902
                                  • Opcode Fuzzy Hash: 53c5dd6083f3572cd506eaf85dfafc9f822a006b4d24d6cc134d8e5dbef5e251
                                  • Instruction Fuzzy Hash: E221F571E00218CBDB18CF96D8446CEFBB2EFC8310F14C06AD509AA264DB741A85CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1B42, Relevance: .1, Instructions: 59COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 870c587762570ed9e6b876d75c4f610512d0fad10fa2aba8e42aae929d6546f7
                                  • Instruction ID: 546c67577df4aa78f0bf6a4226210a3d836197003d615df25fd50ac68f2214ef
                                  • Opcode Fuzzy Hash: 870c587762570ed9e6b876d75c4f610512d0fad10fa2aba8e42aae929d6546f7
                                  • Instruction Fuzzy Hash: CB21A4B1E016588BEB18CF97D94478EFBB3AFC8300F14C06AD409AA254DB741946CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E05A8, Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: :@Dr$`5kr
                                  • API String ID: 0-2548079215
                                  • Opcode ID: 4dbdd7d08ba8e1e0f4281c3217c1a9314168061b0313c8acd5ee641477edac09
                                  • Instruction ID: 415acc5af3d7bb062da9295046e20e14bfffa74bce5a0839ec40ec3116456fac
                                  • Opcode Fuzzy Hash: 4dbdd7d08ba8e1e0f4281c3217c1a9314168061b0313c8acd5ee641477edac09
                                  • Instruction Fuzzy Hash: DC91E474E01218CFEB54CFA9D998BADBBF2BF89310F2090A9D445AB3A0DB715945CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E8047, Relevance: 2.6, Strings: 2, Instructions: 107COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: >_Ir$>_Ir
                                  • API String ID: 0-3345021283
                                  • Opcode ID: 0138fb207f89bea09ad9de0daddb93339ba153dddf471d00760d2acdb9afcbd2
                                  • Instruction ID: 7ec845bc5fdcbd9fec2b0242bfd6d86548a41a33f5e88c698ee4dd1f664625d5
                                  • Opcode Fuzzy Hash: 0138fb207f89bea09ad9de0daddb93339ba153dddf471d00760d2acdb9afcbd2
                                  • Instruction Fuzzy Hash: AE411470A00248DFEB48EFA9D584A9DFBF2FF88304F25C0AAE444AB254C7309A50CF55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F0551, Relevance: 2.5, Strings: 2, Instructions: 28COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: f]Ir$f]Ir
                                  • API String ID: 0-1106439763
                                  • Opcode ID: b15fc4a562978f15a38ae30aafb1ee6131e4b1055a70fc3142db5025c92a8694
                                  • Instruction ID: c583c255f8d1172865343d268eac18cdbee5897ea5531bb88f232c7c980a86e8
                                  • Opcode Fuzzy Hash: b15fc4a562978f15a38ae30aafb1ee6131e4b1055a70fc3142db5025c92a8694
                                  • Instruction Fuzzy Hash: 6EF03C70D022198FEB54CF68C814B9EBBF2BF99310F6181E9C548AB281CB745E80CF55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0D62, Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04EF0E71
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: c21b5c2c88a67273299f2a2dc7fef05de08cabacf1ffd7e8ff36249c53c436eb
                                  • Instruction ID: ff631657e3b92fb266ed46657e2fe2e1485f292acc5401ccf9df3dda8114c5c0
                                  • Opcode Fuzzy Hash: c21b5c2c88a67273299f2a2dc7fef05de08cabacf1ffd7e8ff36249c53c436eb
                                  • Instruction Fuzzy Hash: 22514B7140E3C05FEB138B658C64A92BFB4AF47614F0A84DBE9C4DF1A3D265A809D771
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF11D7, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                  Download Yara Rule
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04EF1287
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 78e0be4a2382b3783e0c7c2520ec853c083c1c06a8e537984770f03388c5f4d6
                                  • Instruction ID: ecff4b168fea642896465559e30299d247ab4c6c4a890adda1d6e93d8cce47d7
                                  • Opcode Fuzzy Hash: 78e0be4a2382b3783e0c7c2520ec853c083c1c06a8e537984770f03388c5f4d6
                                  • Instruction Fuzzy Hash: 0631B472004384AFE7128F65DC44FA7BFACEF46320F0484ABFA85DB152D224A909DB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0100ABD5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: Open
                                  • String ID:
                                  • API String ID: 71445658-0
                                  • Opcode ID: 12eb390fb5baa07d99ed54e7bbf179a0da89aed622b4dbcaba66623384c27990
                                  • Instruction ID: 487b86f5540117d4871bf7163b3feab440df70722790cf6e81da48afde6bf4b4
                                  • Opcode Fuzzy Hash: 12eb390fb5baa07d99ed54e7bbf179a0da89aed622b4dbcaba66623384c27990
                                  • Instruction Fuzzy Hash: D631B472504384AFE7228B25CC45FA7BFFCEF06710F0884ABED809B152D264A949CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100B4B0, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0100B56E
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: NameUser
                                  • String ID:
                                  • API String ID: 2645101109-0
                                  • Opcode ID: d175453112bc37767672725a30af380b5123adbdc72fefc7e4e7915efb40b36c
                                  • Instruction ID: 7303b8f9071fdc7d550e5c1c50a047d2ae92dbc02be15aafc47b2ef42010e03a
                                  • Opcode Fuzzy Hash: d175453112bc37767672725a30af380b5123adbdc72fefc7e4e7915efb40b36c
                                  • Instruction Fuzzy Hash: 7631737540D7C06FD3138B259C51B61BFB4EF87614F0A85DBD8848F1A3D2256909CB72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 0100ACD8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  • Opcode ID: 28e680ea0851234c9be88c2972903f8c318b604eb6eda9f6d4057920c56e98b0
                                  • Instruction ID: 4041d0fc6e152228e0e3d4980af48edd2e51c870acaf29a67b0966b35b4daec3
                                  • Opcode Fuzzy Hash: 28e680ea0851234c9be88c2972903f8c318b604eb6eda9f6d4057920c56e98b0
                                  • Instruction Fuzzy Hash: 6B318171105384AFE722CB25CC45F62BFF8EF06314F18849AE9858B193D264E549CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0572, Relevance: 1.6, APIs: 1, Instructions: 89fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CopyFileW.KERNELBASE(?,?,?), ref: 04EF05FE
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CopyFile
                                  • String ID:
                                  • API String ID: 1304948518-0
                                  • Opcode ID: a4ceacbd97ce7c79b2782dbe983f529d034968b6a67e343f635b7f76aeb2dc6d
                                  • Instruction ID: 338fbe14cd33505fcbd22d9cacd33c38044d0c0edf2ccccb217ac4fd4a857afd
                                  • Opcode Fuzzy Hash: a4ceacbd97ce7c79b2782dbe983f529d034968b6a67e343f635b7f76aeb2dc6d
                                  • Instruction Fuzzy Hash: 70317EB150D3C09FD7138B24DC55A92BFB89F07214F1D84DBE984CF1A3D269A849C762
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF01D6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateMutexW.KERNELBASE(?,?), ref: 04EF027D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID:
                                  • API String ID: 1964310414-0
                                  • Opcode ID: 3e155429a922e4a3856004315ec17e25676c9ba409167021c343d5e329277c2e
                                  • Instruction ID: 1a213c56ddf7833cb8d6f54d8cd3e7638524778e0f2588313ffd4dcb2f23c906
                                  • Opcode Fuzzy Hash: 3e155429a922e4a3856004315ec17e25676c9ba409167021c343d5e329277c2e
                                  • Instruction Fuzzy Hash: 9F31AFB1509380AFE712CB65CC84F56FFE8EF06214F18849AE9848B293D365A908CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF072A, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                  Download Yara Rule
                                  APIs
                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04EF07C7
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: OpenPolicy
                                  • String ID:
                                  • API String ID: 2030686058-0
                                  • Opcode ID: d5e7bbe3703bfc93d22af2a6c6c51ae9deed68d972d1e460d71cff571fc4f1fc
                                  • Instruction ID: 7bfca6de06255c77148a1e7fd80824e0c903924c53db0da6f339a19d20c44c35
                                  • Opcode Fuzzy Hash: d5e7bbe3703bfc93d22af2a6c6c51ae9deed68d972d1e460d71cff571fc4f1fc
                                  • Instruction Fuzzy Hash: CB219E72504384AFE721CF64DC45FA7FFA8EF45710F0884ABEE449B192D324A908CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF09C3, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTokenInformation.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF0A58
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: InformationToken
                                  • String ID:
                                  • API String ID: 4114910276-0
                                  • Opcode ID: 6c07e6d6e1fa981bb03126d8704be0cc1d9bc16a2d032fb8a891747d1e0f6a9d
                                  • Instruction ID: eb5736ba93735fbeb6b0d7999b2971c187b88b98e13748690c60547c535d83ab
                                  • Opcode Fuzzy Hash: 6c07e6d6e1fa981bb03126d8704be0cc1d9bc16a2d032fb8a891747d1e0f6a9d
                                  • Instruction Fuzzy Hash: 32218272104384AFE722CF65DC45F97BFB8EF46310F0888ABEA859B152D225A544CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0EC8, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetFileType.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF0F5D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: FileType
                                  • String ID:
                                  • API String ID: 3081899298-0
                                  • Opcode ID: ea8a679eea1bb01fc5c473a9036bf93da404c5cf3aa703da97eeb64ffade5adc
                                  • Instruction ID: 8ad88a678d04a4fef1d2a3ea3c16366ed68a86aa740358370e7c4af352a551c0
                                  • Opcode Fuzzy Hash: ea8a679eea1bb01fc5c473a9036bf93da404c5cf3aa703da97eeb64ffade5adc
                                  • Instruction Fuzzy Hash: 0221FBB64497806FE7128B25DC41FA2BFA8DF47720F1884D7EE848B193D2646909C771
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF120A, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                  Download Yara Rule
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04EF1287
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: a9d351d62dfb61d350693bab2baed1497f19a52e2930c211c46240db8d1ab0a5
                                  • Instruction ID: d9cf633b9d9c4be3e9ce37b7e42555cf07fdc2b47ff43f79c2d515da8da9e125
                                  • Opcode Fuzzy Hash: a9d351d62dfb61d350693bab2baed1497f19a52e2930c211c46240db8d1ab0a5
                                  • Instruction Fuzzy Hash: A921A172500208AFEB219FA5DC44FAAFBACEF04320F04886AEE45DA251D674A9049B61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0DF2, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04EF0E71
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 3a1e361da0fb293fddfc65ff6a54538ac8b32258944a74470f7e734d95ef2129
                                  • Instruction ID: 41d27d96b23a3d9f2a927d316bdcf4dd5da6d67d883a2e4e6ef138e1bf19d8be
                                  • Opcode Fuzzy Hash: 3a1e361da0fb293fddfc65ff6a54538ac8b32258944a74470f7e734d95ef2129
                                  • Instruction Fuzzy Hash: 0E217C75600640AFEB21DF65DC84BA6FBE8EF08714F14846AEA858B252D371F404CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF12E5, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DeleteFileW.KERNELBASE(?), ref: 04EF136C
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: 1f4042da62f39244522f55e9430e16499c7f95a0230df8e8e76f6aaead686c7c
                                  • Instruction ID: 59eb2d10770d2d2e8b7d95388e8beb5d8f838ab8056dc660f7c1818ced540687
                                  • Opcode Fuzzy Hash: 1f4042da62f39244522f55e9430e16499c7f95a0230df8e8e76f6aaead686c7c
                                  • Instruction Fuzzy Hash: A921B0725093849FEB128F25DC51B92BFB4EF47214F0984DADD848F263D235A908CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0F98, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF1029
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: a02171fb11ff59b91e1f2dc12b446236ba4e74bdca324a19a4504c396a86cc00
                                  • Instruction ID: 5bbb280025ad2c9d4580e599d8cdfe05e2d90c9947848d3a66fdbd74dd2f517c
                                  • Opcode Fuzzy Hash: a02171fb11ff59b91e1f2dc12b446236ba4e74bdca324a19a4504c396a86cc00
                                  • Instruction Fuzzy Hash: 0921A172409384AFE7228F65DC44F56FFB8EF46314F08849BEE849B153C265A909CB72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0100ABD5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: Open
                                  • String ID:
                                  • API String ID: 71445658-0
                                  • Opcode ID: 9f511fe151b49550ba5daf1df02f84780f1adc35211821bcf86c850aefe20cc1
                                  • Instruction ID: 9d4ac85fbf78755ddbc0476f8b022bf03211cd3f2455377b2f5ca8dc7dd9a2a4
                                  • Opcode Fuzzy Hash: 9f511fe151b49550ba5daf1df02f84780f1adc35211821bcf86c850aefe20cc1
                                  • Instruction Fuzzy Hash: D0218E72500704EFF7219A59CC44FABFBECEF04720F14885BEE859B242D664A5088BB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0756, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                  Download Yara Rule
                                  APIs
                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04EF07C7
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: OpenPolicy
                                  • String ID:
                                  • API String ID: 2030686058-0
                                  • Opcode ID: cbbd94606a98ec9d2e81bac9392ba35f187aa55fe7ba00a4bede1cb9e9226f7d
                                  • Instruction ID: e59a71c96c101fa6ecc8eb27b92fa45d8181b7e8c6e495ab43788ff32352af5f
                                  • Opcode Fuzzy Hash: cbbd94606a98ec9d2e81bac9392ba35f187aa55fe7ba00a4bede1cb9e9226f7d
                                  • Instruction Fuzzy Hash: 48219372500704AFE720DF65DC45FABFBACEF44710F14846BEE449B242D674A5058BB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF020A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateMutexW.KERNELBASE(?,?), ref: 04EF027D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID:
                                  • API String ID: 1964310414-0
                                  • Opcode ID: 34947a559bd7019d79fe92aa765518caac6a94e52cc60c574aa4a85942d1f91c
                                  • Instruction ID: a0b5de46aac23e77589f217778c0bfa28f70ac26ca56529628d08e2286eff8ef
                                  • Opcode Fuzzy Hash: 34947a559bd7019d79fe92aa765518caac6a94e52cc60c574aa4a85942d1f91c
                                  • Instruction Fuzzy Hash: 0C21BE71600200AFF721DF65CC84BA6FBE8EF04320F14846AEE888B242E771E804CB75
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100BAE9, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                  Download Yara Rule
                                  APIs
                                  • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0100BB6B
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: DrawText
                                  • String ID:
                                  • API String ID: 2175133113-0
                                  • Opcode ID: 003ee86fd4e66751716d56fa92bb98aff84365104e9846bed1ccfda2e0485828
                                  • Instruction ID: ca54dfef5e511929f2348b8fd612ae9c7c4794ea16ae647030e7654c016accf3
                                  • Opcode Fuzzy Hash: 003ee86fd4e66751716d56fa92bb98aff84365104e9846bed1ccfda2e0485828
                                  • Instruction Fuzzy Hash: 93219075509784AFEB22CF25DC44B56BFF4EF06210F0984DAE9848B263D275E908DB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF13B3, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                  Download Yara Rule
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04EF142E
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: 10b6a44f02b8e8197dd6c72215e8c247651ac77e7f3b968d2f4e6515cd28905e
                                  • Instruction ID: cea100db56d7a04e03c7eab8573b20dca45d7ceebd50a1eae66142f4f9c199cf
                                  • Opcode Fuzzy Hash: 10b6a44f02b8e8197dd6c72215e8c247651ac77e7f3b968d2f4e6515cd28905e
                                  • Instruction Fuzzy Hash: D12180715093849FD712CF25DC85B56FFE8EF46214F0884ABED44CB262D274E908CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 0100ACD8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  • Opcode ID: 6a5508906352ca8b1ad280912f06553a2368fba5fba483b646cf2db76acd41cc
                                  • Instruction ID: 9da6f2dac96c41b9e31b4213a7eff2b546a62931fd9367869cff88fff72fbe0e
                                  • Opcode Fuzzy Hash: 6a5508906352ca8b1ad280912f06553a2368fba5fba483b646cf2db76acd41cc
                                  • Instruction Fuzzy Hash: EC216D71600708EFE721DF19CC80FA6BBECEF04710F0484AAEA859B291D660E408CA71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF09EE, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetTokenInformation.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF0A58
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: InformationToken
                                  • String ID:
                                  • API String ID: 4114910276-0
                                  • Opcode ID: ebd2f29eb5be37f2c31116417be0ab8d00d878964217fb781f2f391cd8186e8d
                                  • Instruction ID: de119f5ca999b509b594b2dc4ae2a22f738a0c37c8729acbcbdfe57be94aac49
                                  • Opcode Fuzzy Hash: ebd2f29eb5be37f2c31116417be0ab8d00d878964217fb781f2f391cd8186e8d
                                  • Instruction Fuzzy Hash: A1119071500604AFEB218F65DC44FABBBECEF45320F14846BEA459B251D674A504CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100BE85, Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0100BEF9
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 0c2f037c72a8d18eee0cfcc90ed96685120be7bd6d22613554dd333e5c9fc186
                                  • Instruction ID: 3ced69c6e2fb5be4eca4e9f7842df3535ec4e35daa6f7f63fe96037948f9897c
                                  • Opcode Fuzzy Hash: 0c2f037c72a8d18eee0cfcc90ed96685120be7bd6d22613554dd333e5c9fc186
                                  • Instruction Fuzzy Hash: E3219376509380AFEB138F25DC44BA2FFB4EF06214F0884DEEDC58B563D265A918DB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100B319, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0100B395
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoadShim
                                  • String ID:
                                  • API String ID: 1475914169-0
                                  • Opcode ID: 54bd6a421dc3b634e0a3e6f389c9c8c17882397e0b5461be2a61a466f71c8fa6
                                  • Instruction ID: 55ce631d560db8bd1eca063e3aadc2af81ed248ebbcbb998b54d7ae7f77c1d95
                                  • Opcode Fuzzy Hash: 54bd6a421dc3b634e0a3e6f389c9c8c17882397e0b5461be2a61a466f71c8fa6
                                  • Instruction Fuzzy Hash: 9A2193B5509780AFE7228E15DC44B52FFE8EF06214F1880DAED84DB293D265A908CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF17F5, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 04EF1869
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 94264261484ba816cbb45ee5990535d6195231a2b6192ff9c67b48ad402739d4
                                  • Instruction ID: cb0168ce86c0b780643d9fb870f480c5ba8df6ba853e6c711dede097c91552a6
                                  • Opcode Fuzzy Hash: 94264261484ba816cbb45ee5990535d6195231a2b6192ff9c67b48ad402739d4
                                  • Instruction Fuzzy Hash: 5A216D714093C49FDB128F25CC44A51FFB4EF17220F0984DAE9848F163D265A918DB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                  Download Yara Rule
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0100A61A
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: a7cb4df45faabce4b7d90d87716d8c52920da964f8f62931185b1ae3cd7a2968
                                  • Instruction ID: 624d062e766fa7d64d58af2fad17e5cc498acdfc400a53922aaadcddf02d3438
                                  • Opcode Fuzzy Hash: a7cb4df45faabce4b7d90d87716d8c52920da964f8f62931185b1ae3cd7a2968
                                  • Instruction Fuzzy Hash: 80118472409780AFDB238F55DC44A62FFF4EF4A210F08C5DAEE858B163C275A518DB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0679, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetFileAttributesW.KERNELBASE(?,?), ref: 04EF06DB
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: 41d92850b648cf1910c6f4972579ee825bca8f28094962bebd3c3e783a0146cf
                                  • Instruction ID: 1d815064420a31cbe8d564d5975cda2b8dba750bd3fd30a3846b751db817d316
                                  • Opcode Fuzzy Hash: 41d92850b648cf1910c6f4972579ee825bca8f28094962bebd3c3e783a0146cf
                                  • Instruction Fuzzy Hash: B81100B2508384AFDB11CF25DC84B52FFE8EF02220F0884AAED44CB253D274A849CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0FCA, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF1029
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: d063641cc3b277aa921926d834ee22cc525e5c08fb54c4135d06fc5cd7a2d099
                                  • Instruction ID: 7c9ff0af40251bc9620f4ac02642b3eb5c5c3dd90091c2f7dc57556c2d13a3d4
                                  • Opcode Fuzzy Hash: d063641cc3b277aa921926d834ee22cc525e5c08fb54c4135d06fc5cd7a2d099
                                  • Instruction Fuzzy Hash: 7611EF72400244EFEB218F54DC80FABFFA8EF04320F14846BEE459B201C274A808CBB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100A65A, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNELBASE(?), ref: 0100A6CC
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 751f901736f9d2fa2d1dfb1c4cfe303712f8f9dc41d26d1c746ee1ea9b7da726
                                  • Instruction ID: d336183cbe4cef27ad6de3cef2e6441468d44754e9213daea9d7e4025fddeef1
                                  • Opcode Fuzzy Hash: 751f901736f9d2fa2d1dfb1c4cfe303712f8f9dc41d26d1c746ee1ea9b7da726
                                  • Instruction Fuzzy Hash: 501159754093C49FD7138B25DC94A52BFB4DF07220F0A80DBDD858F1A3D2695948CB72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF13E6, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                  Download Yara Rule
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04EF142E
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: df3294313fc0ffdf5b464d7944bcc8fd2c06c1de59604eef9cd97ec20395402d
                                  • Instruction ID: 490c1312de55d25e8d364134603ea94e0e68a6383c9abd9bbd32b9cd137f60ce
                                  • Opcode Fuzzy Hash: df3294313fc0ffdf5b464d7944bcc8fd2c06c1de59604eef9cd97ec20395402d
                                  • Instruction Fuzzy Hash: F611A1B1600204DFDB10CF29DC85B66FBE8EF84224F18D4AADE49DB242D674E804CB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF05B6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CopyFileW.KERNELBASE(?,?,?), ref: 04EF05FE
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: CopyFile
                                  • String ID:
                                  • API String ID: 1304948518-0
                                  • Opcode ID: df3294313fc0ffdf5b464d7944bcc8fd2c06c1de59604eef9cd97ec20395402d
                                  • Instruction ID: db2201a721b6ebcaccf190a46f98ee409be8940b8283b842a216c9be614b00e2
                                  • Opcode Fuzzy Hash: df3294313fc0ffdf5b464d7944bcc8fd2c06c1de59604eef9cd97ec20395402d
                                  • Instruction Fuzzy Hash: 74115EB1A002009FDB20DF29DC85B56FBD8EF45621F18D4ABDE49DB642D6B4E804DB71
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100BB1A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                  Download Yara Rule
                                  APIs
                                  • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0100BB6B
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: DrawText
                                  • String ID:
                                  • API String ID: 2175133113-0
                                  • Opcode ID: a076c2129846eabccc212b58c91061e8aa737b5f230b577e667a7d6efc7c8687
                                  • Instruction ID: e0b125e34ea287a9b1e923cd95a5dff30655f1b3713e18491378955ea369c17a
                                  • Opcode Fuzzy Hash: a076c2129846eabccc212b58c91061e8aa737b5f230b577e667a7d6efc7c8687
                                  • Instruction Fuzzy Hash: 961173755006449FEB31CF59D844B66FFE8EF04210F08C4AADE858B256D7B5E804CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF0F0A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                  Download Yara Rule
                                  APIs
                                  • GetFileType.KERNELBASE(?,00000E2C,D8E37318,00000000,00000000,00000000,00000000), ref: 04EF0F5D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: FileType
                                  • String ID:
                                  • API String ID: 3081899298-0
                                  • Opcode ID: f6d793f2196b7d0745c00641bfcdc6e0f87cb99917c8d2dc4a802763ce1d9cd6
                                  • Instruction ID: 7fb0443667c7388944950a9c6ba527aa7db844783bdce529eaad08b6056d9336
                                  • Opcode Fuzzy Hash: f6d793f2196b7d0745c00641bfcdc6e0f87cb99917c8d2dc4a802763ce1d9cd6
                                  • Instruction Fuzzy Hash: A501D272500704EEE720DF15DC85FA6FB98EF05720F14C0A7EE489B242D6B4A508CBB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100A9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: LongWindow
                                  • String ID:
                                  • API String ID: 1378638983-0
                                  • Opcode ID: 79d12bf864c2440ac600c8a626472bc82e30040586b9bd81bfa7995246ae408a
                                  • Instruction ID: bfb853fb0fdf04eca3e2b7850ec9ad197773c385606242809d78009dab255f99
                                  • Opcode Fuzzy Hash: 79d12bf864c2440ac600c8a626472bc82e30040586b9bd81bfa7995246ae408a
                                  • Instruction Fuzzy Hash: 6C117C72409784AFD7228F15DC84A56FFF4EF06220F08C4DAED854B2A3D375A958DB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF069E, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetFileAttributesW.KERNELBASE(?,?), ref: 04EF06DB
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: 0dec479ab3bb5375588c887964b3abc2d2e9402d1a5b67a9f731351b3915a604
                                  • Instruction ID: 65cfdf0780b313f202f3f0ede065e7aa3d38d3418725afa5ff84bfc06e4f2bc5
                                  • Opcode Fuzzy Hash: 0dec479ab3bb5375588c887964b3abc2d2e9402d1a5b67a9f731351b3915a604
                                  • Instruction Fuzzy Hash: A501CC716002449FDB10DF29DC847A6FBD8EF44221F08D8AAEE09DB642E674E804CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF1332, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • DeleteFileW.KERNELBASE(?), ref: 04EF136C
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: a7eb466819f515cf7e6ad8a3824ba82b5b4b54ff3db1d3ad1a3455b6fbf67fa5
                                  • Instruction ID: f219836320d37ee23b73e371c391d154be23276e66fa652809053b894e496f4f
                                  • Opcode Fuzzy Hash: a7eb466819f515cf7e6ad8a3824ba82b5b4b54ff3db1d3ad1a3455b6fbf67fa5
                                  • Instruction Fuzzy Hash: CD019E76A05204DFDB10CF29DC847AAFB98EF40220F08D4AADE49CB646D674E904CB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100B34A, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0100B395
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoadShim
                                  • String ID:
                                  • API String ID: 1475914169-0
                                  • Opcode ID: 1c8682e239bbe358fdf0de1730ba27528af2fcb1db5c222f43c3d4b7b885f527
                                  • Instruction ID: 7f3d95b82f39d92c40376e499125797bc054ff0a013a3f268918441a6e85c52e
                                  • Opcode Fuzzy Hash: 1c8682e239bbe358fdf0de1730ba27528af2fcb1db5c222f43c3d4b7b885f527
                                  • Instruction Fuzzy Hash: 06018075500700DFE761DE19D844B66FFE8EF04620F28C49AEE899B342D675E408CB72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                  Download Yara Rule
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0100A61A
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 4776b560b7419179fb82fa0cac02bf520a09b47655d4fa07db02084ee530f3d8
                                  • Instruction ID: 4d122903773c7b23e67fdd5d086913dc5b5772324075b77c390470b3016f51af
                                  • Opcode Fuzzy Hash: 4776b560b7419179fb82fa0cac02bf520a09b47655d4fa07db02084ee530f3d8
                                  • Instruction Fuzzy Hash: 10015B72500700EFEB228F55DC44B56FFE0EF48720F08C9AAEE894B652C275A418DF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100BEBE, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0100BEF9
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 1d02fbc39cc18d3d54f22294adb8a0aa96e94676bace143cc1caca8214072ba6
                                  • Instruction ID: ca081817d3890cf0f4dd34da59e0d5def410d0104369dc3514d0d7cc4829ce31
                                  • Opcode Fuzzy Hash: 1d02fbc39cc18d3d54f22294adb8a0aa96e94676bace143cc1caca8214072ba6
                                  • Instruction Fuzzy Hash: 7301B135500640DFEB219F19D844B66FFE0EF04320F18C0AEEE854B692C276A818DF62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 04EF182E, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                  Download Yara Rule
                                  APIs
                                  • PostMessageW.USER32(?,?,?,?), ref: 04EF1869
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237418664.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 4d760369f7600df8b5b1ad68fc1158a45b7ffa4d77150ec961369eccf1b5a839
                                  • Instruction ID: a0ac02ea01b9ee46dc51de2f1fe8c4436d62ff254c06b7dc6524ad7ab20268d6
                                  • Opcode Fuzzy Hash: 4d760369f7600df8b5b1ad68fc1158a45b7ffa4d77150ec961369eccf1b5a839
                                  • Instruction Fuzzy Hash: DA018F31900744DFDB208F55DD84B66FFA0EF04320F48D49ADE490B216D275A818DFA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100AA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: LongWindow
                                  • String ID:
                                  • API String ID: 1378638983-0
                                  • Opcode ID: cac297b2b0f36e61db98ecf774af180c42ef0634ea221bb463c961e780e3466c
                                  • Instruction ID: 32c3e68b50e75f7bd0a3a230819dfcaa25935cfaed8555ea42f84715e5095d23
                                  • Opcode Fuzzy Hash: cac297b2b0f36e61db98ecf774af180c42ef0634ea221bb463c961e780e3466c
                                  • Instruction Fuzzy Hash: B8018B31500704DFEB218F19D984756FFA0EF09720F08C0AADE890B292C3B5A448DFA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0100A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                  Download Yara Rule
                                  APIs
                                  • SetErrorMode.KERNELBASE(?), ref: 0100A6CC
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233580981.000000000100A000.00000040.00000001.sdmp, Offset: 0100A000, based on PE: false
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: c6f9a1bd88d58af1242aefdb3c8d88290c8eb1a0c444d6a9ebca1ebbcafbb354
                                  • Instruction ID: 0121926eea7af094731ca8e9160d40710deecb4351fac42053ca89a82fbf9c2c
                                  • Opcode Fuzzy Hash: c6f9a1bd88d58af1242aefdb3c8d88290c8eb1a0c444d6a9ebca1ebbcafbb354
                                  • Instruction Fuzzy Hash: 6AF08C35A00744DFEB119F19DC84766FFA0EF48221F18C0AADD894B256D2B9A448CEA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0599, Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: :@Dr
                                  • API String ID: 0-3830894600
                                  • Opcode ID: df069ce75e877324690c103df7f1eecef44c66c8c41f984fb42acaf0b0b94953
                                  • Instruction ID: 8032fe7eee41cf0dac62418aed51c2648bce20f807ee315f673f942e248114d4
                                  • Opcode Fuzzy Hash: df069ce75e877324690c103df7f1eecef44c66c8c41f984fb42acaf0b0b94953
                                  • Instruction Fuzzy Hash: 60710874D01218CFEB54CFA9D898BADBBF2BF49300F2081A9D445AB350DB759981CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F2F09, Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: X0rv
                                  • API String ID: 0-2952385212
                                  • Opcode ID: 6cd527d9f11c93c81099762f2009d11f0a810f66f33876c1fa5f2bcbbec5a64d
                                  • Instruction ID: 6a233d2df6de67db1d3d93e252677b16c5dd58017b14e633091246eadcdb0311
                                  • Opcode Fuzzy Hash: 6cd527d9f11c93c81099762f2009d11f0a810f66f33876c1fa5f2bcbbec5a64d
                                  • Instruction Fuzzy Hash: DA219C74D1929ADFCB04CFA4C58099EFFB1FF84301F1498AED401AB25AD7B09A41DB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F2F18, Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: X0rv
                                  • API String ID: 0-2952385212
                                  • Opcode ID: fd376ba8fc7fac83dda70362331a6a7357bad2b5c87fe5f3c4fdaf16c23ca109
                                  • Instruction ID: d10d27eb8a8576640cadd9c37bf65a06cda7880a86f10a7bd3fe1989dd01e03b
                                  • Opcode Fuzzy Hash: fd376ba8fc7fac83dda70362331a6a7357bad2b5c87fe5f3c4fdaf16c23ca109
                                  • Instruction Fuzzy Hash: AC216970D1525ADFCB04CFA5C580AAEFBB1FF88301F10D4AED505AB259D7B09A41EB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F652E, Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: <
                                  • API String ID: 0-4251816714
                                  • Opcode ID: d292e9d443a51a40a83ad028ced8d9987a61dd4ec9c4bca53fa9202b22bf07d4
                                  • Instruction ID: 94b552ec612f1edf4eb4f4376529d278df534abb5256548f514a7a7bcfa52202
                                  • Opcode Fuzzy Hash: d292e9d443a51a40a83ad028ced8d9987a61dd4ec9c4bca53fa9202b22bf07d4
                                  • Instruction Fuzzy Hash: 8C0190B4D052299FCB20CF64E898B9DBBB1AB48304F2192EED4097A251C7346A80CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F5CBB, Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: ntin
                                  • API String ID: 0-3077571345
                                  • Opcode ID: 2b0ab28cfd38be3c31bc3f98abec733b9152dcb0128bb9329bc3d5beb2fdc75c
                                  • Instruction ID: cba22d71e83069267058f0a0730ebcab2385578b1dc15d90c34870a045de95f5
                                  • Opcode Fuzzy Hash: 2b0ab28cfd38be3c31bc3f98abec733b9152dcb0128bb9329bc3d5beb2fdc75c
                                  • Instruction Fuzzy Hash: 82F03970919329CFCB51DF90C884A88BFF0FF1A700F1294EAC018AB222D734A985CF25
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F5B57, Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: l.dl
                                  • API String ID: 0-670203805
                                  • Opcode ID: ad7ef1f21747ff7c8c51e13192c6e096b096481972c47d610645367e4d452b96
                                  • Instruction ID: 5a0ddede9c46f37f1ad3e3c59d7bf744d740676a5468fb1f8ea240ce2c2918dd
                                  • Opcode Fuzzy Hash: ad7ef1f21747ff7c8c51e13192c6e096b096481972c47d610645367e4d452b96
                                  • Instruction Fuzzy Hash: 72F0DF749042288FDB10CFA8C889B9DBBF5BF08300F15D099C418AB326D7389940CF28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F5D12, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: ntin
                                  • API String ID: 0-3077571345
                                  • Opcode ID: 91e479db72b50e9dda2a4d756a1791f354831c8526e636cae61330991ff9bb12
                                  • Instruction ID: 3bd5e64631abd7f3cedb22d7f5403e3027e15416051389b610e5eda96d9e1243
                                  • Opcode Fuzzy Hash: 91e479db72b50e9dda2a4d756a1791f354831c8526e636cae61330991ff9bb12
                                  • Instruction Fuzzy Hash: B6F0AE74A052298FDB14CF94C980A8DBBF4BF19300F119099C418AB725EB34AA40CF65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E90D0, Relevance: .2, Instructions: 174COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd91d2fbb98a2e4c2b75599bcb199dfd093f1b568eda6adc8aaa6fd3ca3a4ed7
                                  • Instruction ID: ee2a579956f2f0af8e9dcb6a5d4c72ddb1437e57084a53e9d0bb806eb48d7cc2
                                  • Opcode Fuzzy Hash: bd91d2fbb98a2e4c2b75599bcb199dfd093f1b568eda6adc8aaa6fd3ca3a4ed7
                                  • Instruction Fuzzy Hash: 6E71D7B4D04208DFCB44DFA9E9986ADBBF2FF89300F24946AE405AB355DB345981CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E90C0, Relevance: .2, Instructions: 168COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8011032768e80ac2a852c30b5b90446093f081ac68170d215fbf0eb50d7b7837
                                  • Instruction ID: cc4f3e1577cd6413cbe5e02e56d506e828c943ec39570b1fd731db39da0ccf79
                                  • Opcode Fuzzy Hash: 8011032768e80ac2a852c30b5b90446093f081ac68170d215fbf0eb50d7b7837
                                  • Instruction Fuzzy Hash: 9771F6B4D04208CFCB44DFA9E9986ADBBF2FF89300F24946AE409AB355DB345981CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF64A, Relevance: .2, Instructions: 167COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 45707c080261db45a6ef90333094acd0e159c0135478f72142d135ee4549e15d
                                  • Instruction ID: b4fbfd65752598591d8236700a9d1023d295b480aa3751f8eb890dda4e28cab6
                                  • Opcode Fuzzy Hash: 45707c080261db45a6ef90333094acd0e159c0135478f72142d135ee4549e15d
                                  • Instruction Fuzzy Hash: 116113B4D052098FDB04DFA9E644AEDBBF2BF5A324F64829AD414AB291D7309941CF11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EEEF8, Relevance: .1, Instructions: 134COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f6c77d7ce00a02ade7e783c7517a6ce3849871dc1c0728128c93a93141ef5e6
                                  • Instruction ID: f3dea947deefde33acc45e2f594617a84d8d31c45e9a2340bf9aafb49709a364
                                  • Opcode Fuzzy Hash: 8f6c77d7ce00a02ade7e783c7517a6ce3849871dc1c0728128c93a93141ef5e6
                                  • Instruction Fuzzy Hash: E05112B0E04209CFDB45DFA9E8847EDBBF2BF48301F20846AD419A7292E7755981CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0270, Relevance: .1, Instructions: 122COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f08ec5d03cd117a135b0fb65d42e9f6c6cf456d22772a4bbf730333c01bbb4ca
                                  • Instruction ID: 810c7ea08e5820e949384585f10c3b3b6db0c0e78de4d83f73dda809cc818922
                                  • Opcode Fuzzy Hash: f08ec5d03cd117a135b0fb65d42e9f6c6cf456d22772a4bbf730333c01bbb4ca
                                  • Instruction Fuzzy Hash: D0517E78A00618DFDB50CFA8D894BADBBF1FB4D310F145499E942AB360D7B9A940DF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0280, Relevance: .1, Instructions: 113COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2610ae9a6bcb6741faac8b63a86d6369759143ce226fb9b699f5ebb23c381872
                                  • Instruction ID: 4cd14ca105618b201ab679e05f11d11315f251986602732df693eaef8e75c8c9
                                  • Opcode Fuzzy Hash: 2610ae9a6bcb6741faac8b63a86d6369759143ce226fb9b699f5ebb23c381872
                                  • Instruction Fuzzy Hash: 1E41AF78A00618DFDB10DFA8D894BADBBF2FB4D310F105495E502AB3A0D7B9A940DF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A877, Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1895dce13c5bedacf10dd107e7fc011b59b587ab64cfa7849a8cf46a81ff41f1
                                  • Instruction ID: ec2199264ca44699a3fa26c121b2ecaeda757d13b9a313e44af2947e4ec0794e
                                  • Opcode Fuzzy Hash: 1895dce13c5bedacf10dd107e7fc011b59b587ab64cfa7849a8cf46a81ff41f1
                                  • Instruction Fuzzy Hash: 5D319AB6508300AFD310CF19EC41E5BFFE8EB89630F14C96EFD499B211D275A9058BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A74C, Relevance: .1, Instructions: 93COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 814101124451c8931c39a58964f5bcc2a9bb1fb042d71fcc99e026e9f433c381
                                  • Instruction ID: e7c624e0c2a3f81e15b8c39d9230ba7d3a8fe9ad25cfc26e1a5ad44538a41245
                                  • Opcode Fuzzy Hash: 814101124451c8931c39a58964f5bcc2a9bb1fb042d71fcc99e026e9f433c381
                                  • Instruction Fuzzy Hash: 4C318EB6648300AFD310CF09EC41E57FFE8EB89630F14C96EFD489B211D275A9048BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A9A5, Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 511a432995733c21b7f811081c34de8b5c16aed81f98019b78a324b1249e82be
                                  • Instruction ID: 934757a38b9b2bf8fb5ea6d7113c634022ab90f88191a2801c4ee3b3023a087c
                                  • Opcode Fuzzy Hash: 511a432995733c21b7f811081c34de8b5c16aed81f98019b78a324b1249e82be
                                  • Instruction Fuzzy Hash: 0A315EB6548340AFD310CF09EC41E5BFFE8EB85631F14C96EFD499B211D275A9048BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E8D70, Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bb995c2d249303f1c28b988f6ade0205904f07cae066e9b014ce8051aedbebea
                                  • Instruction ID: f20742b3976fa345e92cae9691e0fc76fc4db24f8dd5c0229ec5721741b5850c
                                  • Opcode Fuzzy Hash: bb995c2d249303f1c28b988f6ade0205904f07cae066e9b014ce8051aedbebea
                                  • Instruction Fuzzy Hash: 98318DB4E012089BEB08DFAAD844AEEBBF2EF88304F20D129E915B7254DB755945CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A620, Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c1f5dac287d28f8ba5362704c45caf593442c53b62055d9068de1acdbb3d167f
                                  • Instruction ID: 5f562543f29efeb2b9583ddb67c484ee2ce6d4cdbcc6d22f23ac19e7d5e4beb8
                                  • Opcode Fuzzy Hash: c1f5dac287d28f8ba5362704c45caf593442c53b62055d9068de1acdbb3d167f
                                  • Instruction Fuzzy Hash: 9E21D1B6504300BFD3118F45EC41EA7FFE8EB85671F14C86AFD489B211D276A9048BB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E8D80, Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d33a7421278f407e2ddc6e276a7953e1242710902dcd6515d2f40af23f5d0a1f
                                  • Instruction ID: 88cd950697e6c495347696aacbeb732b25364df23d461bfee848adcf13dfaa01
                                  • Opcode Fuzzy Hash: d33a7421278f407e2ddc6e276a7953e1242710902dcd6515d2f40af23f5d0a1f
                                  • Instruction Fuzzy Hash: 9F317DB4E012089BEB08DFAAD944AEEBBF2EF88304F20D129E91477354DB755945CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101AB28, Relevance: .1, Instructions: 81COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2d7f1838c296c3859852f85d069264034e217d03b229ac4f8dc462da74069502
                                  • Instruction ID: d8b6ccc6857454b85837d632ccf02df4b72a7e1ebc10422a0a07d1e193bd74a6
                                  • Opcode Fuzzy Hash: 2d7f1838c296c3859852f85d069264034e217d03b229ac4f8dc462da74069502
                                  • Instruction Fuzzy Hash: 433118B550E3C19FD302CF299850956BFF4EF8A614F0989DEF8C89B253D2759908CB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A1F1, Relevance: .1, Instructions: 81COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ed0cded4832c5dce5d008c91e87b391e39f36af031170909536e9cc98b8fd00c
                                  • Instruction ID: 50724a212f965434f53db4c6743d99b99c98d4f2838bfbb7a3cb636b8ec00fbb
                                  • Opcode Fuzzy Hash: ed0cded4832c5dce5d008c91e87b391e39f36af031170909536e9cc98b8fd00c
                                  • Instruction Fuzzy Hash: 1421C576544344BFD3118F09DC41E67FFA8EB85631F08C46AFD085B211D276A914CBB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A41C, Relevance: .1, Instructions: 78COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc44bf46536941d39b2e70c41d682f9408c145d4e60a93130a7a789532b2ac33
                                  • Instruction ID: 0ba7a5b393a531bad9e4ca107684f5ebda8af4e4c1161d39a37c6c26379fe0d5
                                  • Opcode Fuzzy Hash: dc44bf46536941d39b2e70c41d682f9408c145d4e60a93130a7a789532b2ac33
                                  • Instruction Fuzzy Hash: 0421C3B6644304BFD6108E0AEC41E67FFACEB84A70F14C92EFE0957211D276B9148BB1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A8A2, Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3daa8e95732b97050454ddd000ffcf88125b2940f2e845636313975868538c6f
                                  • Instruction ID: 5d5d2a901c3d7760d7a86a496e990ae2a996f6ed5b136fa46fdbe28d9c79b564
                                  • Opcode Fuzzy Hash: 3daa8e95732b97050454ddd000ffcf88125b2940f2e845636313975868538c6f
                                  • Instruction Fuzzy Hash: 17212CB6644304AFD210CF0AEC41E5BFBE8EB88630F14C92EFD4997311D275A9148BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A9CE, Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f9f4121e96b8cbfb21f3a48cd186b69c3fea7fd2ca0af48d87efb47f845665d
                                  • Instruction ID: 600e8ac70b29fa59e1bb0a6447a89cd75291e4b3a1d7565abe19ef367684ec66
                                  • Opcode Fuzzy Hash: 1f9f4121e96b8cbfb21f3a48cd186b69c3fea7fd2ca0af48d87efb47f845665d
                                  • Instruction Fuzzy Hash: 30212CB6644304AFD310CF0AEC41E5BFBE8EB88631F14C96EFD4897311D275A9148BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A776, Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 79f6ead75e21ecaf5ae05d7e66140fed540fdb31e2985a0533a035f8b15f1547
                                  • Instruction ID: cae4957285360708ad495736554f870abdd821bd04d350928e332e61c50942a5
                                  • Opcode Fuzzy Hash: 79f6ead75e21ecaf5ae05d7e66140fed540fdb31e2985a0533a035f8b15f1547
                                  • Instruction Fuzzy Hash: BE212CB6644304AFD210CF0AEC41E5BFBE8EB88630F14C96EFD4897311D275A9148BA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FA5C0, Relevance: .1, Instructions: 74COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4b8efbe24062e437816578327d99b145b30cd30551d48d47b5c9ad0fa192f72
                                  • Instruction ID: ab783a904a8cfedbaddbb17639efbaffb6665010d979317f2ad3d987061805f6
                                  • Opcode Fuzzy Hash: c4b8efbe24062e437816578327d99b145b30cd30551d48d47b5c9ad0fa192f72
                                  • Instruction Fuzzy Hash: 1231ED74D0421ADFDB04CFA8D584AEEFBB1FF48301F10806AD956AB261DB34AA41CF54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0006, Relevance: .1, Instructions: 73COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88339411ed0e4cf3cdd25dca73f722cd1133caafcc22eca9f04ba78bd7828acb
                                  • Instruction ID: 1da58cf6e3e30559ec6926d005b2106c5fd9ee5502daf1aa22865aea63eff077
                                  • Opcode Fuzzy Hash: 88339411ed0e4cf3cdd25dca73f722cd1133caafcc22eca9f04ba78bd7828acb
                                  • Instruction Fuzzy Hash: 7511637180D3C59FD7579B70D8667AABFF09B07300F2948DBD080E7293D6684958CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F14F0, Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 70ba50938c940938f485551f3af4727cb37d7acbd66e4cbbe9a6836ece5d984d
                                  • Instruction ID: 3e3ecab01ffb81fd2ae5534a73b481090e2d01f860d5e32d235f2f8e0c9834a2
                                  • Opcode Fuzzy Hash: 70ba50938c940938f485551f3af4727cb37d7acbd66e4cbbe9a6836ece5d984d
                                  • Instruction Fuzzy Hash: 502142B0E0420ADFCB05CFA9C58099EFFB2FF89300F6194AAC415AB211D334AA458F91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A432, Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c7210fc23ec7ada0fb24a8649a79d8a06bc86e8264c9e1ddb7fc678d351a1313
                                  • Instruction ID: fc0b67eba997ba039e15a0a8e1e50caaf5c1dee0d5ddff369691f4f8d0cccbf4
                                  • Opcode Fuzzy Hash: c7210fc23ec7ada0fb24a8649a79d8a06bc86e8264c9e1ddb7fc678d351a1313
                                  • Instruction Fuzzy Hash: 9A119676644304BFD6108F0AEC41E67FBA8EB84631F14C96AFD0C57211D276B5148BA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A64A, Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 790733929fd7fbcdd9dcbdbb6bdd59dafe270d3eb4174c69e2d28e8349bd6df2
                                  • Instruction ID: 8bb09c4662b1383d761cfb732f8fc218f0ce215bb08098d19591771775cffe5b
                                  • Opcode Fuzzy Hash: 790733929fd7fbcdd9dcbdbb6bdd59dafe270d3eb4174c69e2d28e8349bd6df2
                                  • Instruction Fuzzy Hash: 611193B6644304BFD6108F0AEC41E67FBA8EB84631F14C96AFD095B211D276A9148BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1400, Relevance: .1, Instructions: 67COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 068200ab2a63ee5f2cfb47d37f580f2ac669ffcfc9c8afbaf4c6f12e7b7c0293
                                  • Instruction ID: 0ec23d9bfd5e15e8869d27d22dc7e951acc38dfbf1f02b231764de9ccc2fc2e3
                                  • Opcode Fuzzy Hash: 068200ab2a63ee5f2cfb47d37f580f2ac669ffcfc9c8afbaf4c6f12e7b7c0293
                                  • Instruction Fuzzy Hash: DF312DB4E05249DFCB45CFA9D1809AEFBB1FF88311F1190AAD818AB311D334A942CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A6A0, Relevance: .1, Instructions: 65COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7beaad6a390555d595c38c06c863bb0dd11faa529dc4a7bae68c716d1c551872
                                  • Instruction ID: 49c8102fa37a6e33ffcc7009afda9e2945b4ce6cc1682613e1db5befa6e109fe
                                  • Opcode Fuzzy Hash: 7beaad6a390555d595c38c06c863bb0dd11faa529dc4a7bae68c716d1c551872
                                  • Instruction Fuzzy Hash: 23215EB550D380AFD302CF19DC51957BFF4EF86620F0989DAF9889B253D235A908CB62
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A21A, Relevance: .1, Instructions: 64COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2956a00434c4f84a57171df2ce2e14c9f0a4baf40c5574f73619a3631cad6e00
                                  • Instruction ID: a01a42c87ff9172316a7dd775ff62cafca759d540b4fa534613c94b89cf10f68
                                  • Opcode Fuzzy Hash: 2956a00434c4f84a57171df2ce2e14c9f0a4baf40c5574f73619a3631cad6e00
                                  • Instruction Fuzzy Hash: 1711C672644304BFD6108F0AEC41E67FBACEB84A31F18C56AFD085B201D276B9148BB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F1500, Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea5b7a54e24d3d3b474190f437e62314bde7cbf7ee8b653f32dacc9023477320
                                  • Instruction ID: 6a17ac4ae9c3542f98773ef1d3874157e4a9723ac9a51e888762a52d09b86024
                                  • Opcode Fuzzy Hash: ea5b7a54e24d3d3b474190f437e62314bde7cbf7ee8b653f32dacc9023477320
                                  • Instruction Fuzzy Hash: 43213770E0420ADFCB05CFA9C5809AEFBF2FB88301F5195AAD515AB315D734AA418F91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF990, Relevance: .1, Instructions: 62COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1913558e55bf6568d2a833127867c4be3aad8e944fdf442180d8033e3a9fa3d7
                                  • Instruction ID: 2f18f89d6118cc4df8b3518b8aef061866af24289550f65691f9f177885a0043
                                  • Opcode Fuzzy Hash: 1913558e55bf6568d2a833127867c4be3aad8e944fdf442180d8033e3a9fa3d7
                                  • Instruction Fuzzy Hash: 1221AF70D05349FFCB04DFA4F04866CBFB5EB59201F2081AED845A7206D7344A50DF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7FE9, Relevance: .1, Instructions: 61COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ae1ce40fd4097c969504b6993f735f5f430cf099442ebe9abdf4ebc243807a48
                                  • Instruction ID: 9c9b8b67983dcec01c77a5cb7cfddab33ec4ee39674f19d70e11c77f6ee43f62
                                  • Opcode Fuzzy Hash: ae1ce40fd4097c969504b6993f735f5f430cf099442ebe9abdf4ebc243807a48
                                  • Instruction Fuzzy Hash: 8C315E74E10218CFDB14DFB4E988B5DBB72FB85221F10A49DD84997305DA708D86CF21
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00FE075C, Relevance: .1, Instructions: 59COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233557509.0000000000FE0000.00000040.00000040.sdmp, Offset: 00FE0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6be97dd6ecdddbc57dfb876f3dcd3aa5b82949865287403e1159e11067c1c4c5
                                  • Instruction ID: 0b9b3c4fcfeb49ee883b694a3e2d483e90987fb8073b8aec6ff9500d0bd1a3ae
                                  • Opcode Fuzzy Hash: 6be97dd6ecdddbc57dfb876f3dcd3aa5b82949865287403e1159e11067c1c4c5
                                  • Instruction Fuzzy Hash: 63110635604384EFD705CB21C980B26BBD1EB88718F24C5ADE9491B643CBBBE843EE51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101AB69, Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8051ed14f3a8450b2365e41193c69cd25ed12741e3e733357e0787c0f86c728a
                                  • Instruction ID: 08d01d20b414116741011cef2b647da47b9d57cef4e30426c93a81b14592bc2f
                                  • Opcode Fuzzy Hash: 8051ed14f3a8450b2365e41193c69cd25ed12741e3e733357e0787c0f86c728a
                                  • Instruction Fuzzy Hash: E111D7B5908301AFD350CF19D881A5BFBE4FB88660F04892EF99897311D375EA048FA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00FE0726, Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233557509.0000000000FE0000.00000040.00000040.sdmp, Offset: 00FE0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a5fb037abe04b8b2c5e8a41c1167db8f396344019f07b07f74ae416b493f588d
                                  • Instruction ID: 0f51b1ba0f9d4a58e7b4acf99c0df924c8374a7dae8cfa34ac95d7806899c468
                                  • Opcode Fuzzy Hash: a5fb037abe04b8b2c5e8a41c1167db8f396344019f07b07f74ae416b493f588d
                                  • Instruction Fuzzy Hash: F021773550E3C48FD7038B20D950B15BFB1AF47318F2982DED4899B6A3C67A9846DB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E00F8, Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8ba41f9bb9deceda9871fdd94b6ed975d04a61a55e6662ea7587855abba2532a
                                  • Instruction ID: 4903737fb8ebf40ac40130e9e33ed88fc7fe7b4ea8760f6559afa54273e2f19b
                                  • Opcode Fuzzy Hash: 8ba41f9bb9deceda9871fdd94b6ed975d04a61a55e6662ea7587855abba2532a
                                  • Instruction Fuzzy Hash: 09212C30A0121ADFDB04EBA8E9445DD7BB6FB80308F204269E94297258DFFA5E01CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F90E8, Relevance: .1, Instructions: 54COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09947909e4eb2b65a473e2a913ec037095379a1d9e4e518480d1419710617538
                                  • Instruction ID: 24fffaaab42a1cbeaeb8664bc706e9ffaf2ac710a26febb1dbffcf706dbcfe8e
                                  • Opcode Fuzzy Hash: 09947909e4eb2b65a473e2a913ec037095379a1d9e4e518480d1419710617538
                                  • Instruction Fuzzy Hash: 0B210674E01209DFDB44DFA5E5886AEBBF2EB88301F2091AED915A3345D7305A418F90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F821C, Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fe924a3793918891368246f97166529413d348af1c07a4dcf8275a328bc43c78
                                  • Instruction ID: dadf373b07f35287dff879b453e5b974f87be934277da86c23c7022407b991a4
                                  • Opcode Fuzzy Hash: fe924a3793918891368246f97166529413d348af1c07a4dcf8275a328bc43c78
                                  • Instruction Fuzzy Hash: 7421DA74A11219CFDB04DFA5F94859DBFB1FB84351F20A22EE805AB355DB709982CF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E09D8, Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04428c5ed9eafbec76f4ca9f15443dcff7bc7c79ecbe2bd39b6f210f3a313c56
                                  • Instruction ID: ee737a4296227b70aab6f90b249fe60034b65f6a1bfada3e28e25eab3838d236
                                  • Opcode Fuzzy Hash: 04428c5ed9eafbec76f4ca9f15443dcff7bc7c79ecbe2bd39b6f210f3a313c56
                                  • Instruction Fuzzy Hash: 1A111830A40109DBDB04EFA8D950AEEBBB6FF84300F6086A9D441A7394DF746F41DB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FEB08, Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9df37535451932aa0d4426b5c6583379c03e1d935446a212917821e5548395c
                                  • Instruction ID: db7cdbd5e9d44aaf1b03170be34dbc493487c4e6d149d9e5b69664b4f9961c17
                                  • Opcode Fuzzy Hash: f9df37535451932aa0d4426b5c6583379c03e1d935446a212917821e5548395c
                                  • Instruction Fuzzy Hash: 3D11E574D01208DFCB44DFA9D5446AEBBB2FF88301F1084AED409A7351CB345A40CF55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A178, Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2060322614ee3264c0d4fa1e89c03a9fd57a64c5c169a6f9db91313a1f1b5173
                                  • Instruction ID: 9c8daac87eba33e19e0962c5f2ba1e1f78ff8caf43a3e7559132de26e7e9cbe9
                                  • Opcode Fuzzy Hash: 2060322614ee3264c0d4fa1e89c03a9fd57a64c5c169a6f9db91313a1f1b5173
                                  • Instruction Fuzzy Hash: 8B01D4B254E3C06FD3124B259C55A92BF78DF43620F0884CBED849F153D25A6909D7B2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0108, Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67a4bebab1ba27e81a7f4c2e5e22533e671397ac2cbea73d3551aa5158e3a15e
                                  • Instruction ID: 7b85bf6b1f799b8b9a1c90a75ecd6798fc295a95a96bcbac0490236bc1c54ad5
                                  • Opcode Fuzzy Hash: 67a4bebab1ba27e81a7f4c2e5e22533e671397ac2cbea73d3551aa5158e3a15e
                                  • Instruction Fuzzy Hash: 3E112E30A0115ECFDB04EBA8D9545DD7BB6FB80308F204269E94157358DFF65E01CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E09E8, Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c67ad3ee2cf11d665f687296cd2d46cfc4f21f050035b9b5721baac7a86a7b32
                                  • Instruction ID: 7d9d584f369de04a3044b24822dbb12ec23b09275b9390ae86c05149b3d4ade5
                                  • Opcode Fuzzy Hash: c67ad3ee2cf11d665f687296cd2d46cfc4f21f050035b9b5721baac7a86a7b32
                                  • Instruction Fuzzy Hash: B7111730A4010AEBDB04EFA8C950AEEB7B6FF81300F6096A9954567394DF74AF41DB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00FE05CF, Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233557509.0000000000FE0000.00000040.00000040.sdmp, Offset: 00FE0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cabc42071ce92ccb378dd875b9d6df321fda7e4d27033976c5bcddf0b35bc0c2
                                  • Instruction ID: 3769e1960fcbafab316b9478d9a9eeb7e4612eeb95cedcb4d9b8c1c42377d200
                                  • Opcode Fuzzy Hash: cabc42071ce92ccb378dd875b9d6df321fda7e4d27033976c5bcddf0b35bc0c2
                                  • Instruction Fuzzy Hash: 1301DB765097805FD7128F16DC40863FFB8DF86670709C49FED498B612D125A908CF72
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FD010, Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ef4521793f46e5d73ac0bc487fe899d05d6620e68bbec314dfa942fc3efbdd7
                                  • Instruction ID: 09d021dd71b2082c782114923c304a86b6574d5be34e57d1d926640372e85ccd
                                  • Opcode Fuzzy Hash: 3ef4521793f46e5d73ac0bc487fe899d05d6620e68bbec314dfa942fc3efbdd7
                                  • Instruction Fuzzy Hash: 33017C74D01209DFCB04DFA5E5456AEBBB6EF85302F1095AED505A3306E7309A42CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F3018, Relevance: .0, Instructions: 40COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 705b2a02c1b6a41e29ecffebbb6d9085b120a60c1b7b018ca4f50602bc8e5c27
                                  • Instruction ID: 6f637103fa052d2da9555ebda3474175059e866c0c01e2b5749555c1b2ebccd5
                                  • Opcode Fuzzy Hash: 705b2a02c1b6a41e29ecffebbb6d9085b120a60c1b7b018ca4f50602bc8e5c27
                                  • Instruction Fuzzy Hash: AD011A38A04244AFCB02DBA8D498A8DFFF1EF89210F19C0EDD9489B362D634D980DF41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E03E8, Relevance: .0, Instructions: 38COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0ae29f10db546e5377db3277b3effc158b19af0e5d2031c586e704e304080499
                                  • Instruction ID: 64940ce1282a29dfe1326e589c46179c477029adea072a9cdc0aeb7df32538b1
                                  • Opcode Fuzzy Hash: 0ae29f10db546e5377db3277b3effc158b19af0e5d2031c586e704e304080499
                                  • Instruction Fuzzy Hash: 42F030349452089BE70CEBB1D640BBF73BAEFC5204F549864950263154CF795E01EA54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF9A0, Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cd525988e3a7cfaa75b5982efb3782a4b0e652fc047f763de13dc1436e6957b7
                                  • Instruction ID: 968c8622025a612769a749d33e768ce5a9289d56e142c1627429d1bb454f2640
                                  • Opcode Fuzzy Hash: cd525988e3a7cfaa75b5982efb3782a4b0e652fc047f763de13dc1436e6957b7
                                  • Instruction Fuzzy Hash: C8F0F07490520AEFC700EFA4F14966CBBF6EB89202F20D49ED40A96204EB308A809B61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0070, Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f92be66367d8f4cd3e91a40c38e687fa76f3fbd415700169e915ccc89875e7d
                                  • Instruction ID: 6a533d024f37047710dc3e507c5720eaa217d93fd654763a8d34f6138a96087e
                                  • Opcode Fuzzy Hash: 6f92be66367d8f4cd3e91a40c38e687fa76f3fbd415700169e915ccc89875e7d
                                  • Instruction Fuzzy Hash: 57F08C70D012099FDBA8DFA4D8697FFFBF5EB49700F20182AC001B3280EAB559048BE4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F24D8, Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 11fd09994fdd58805713a758f1aa00c68af2308f63cf0ff6533b350f6772652e
                                  • Instruction ID: b5864304946cc1895e9cb7ad08ad0062b41c01a7a57f1b2a2dd03f2300e47d05
                                  • Opcode Fuzzy Hash: 11fd09994fdd58805713a758f1aa00c68af2308f63cf0ff6533b350f6772652e
                                  • Instruction Fuzzy Hash: 5D11B078C01329CFCB50DF95D58999DFBB0FB18304F1054AAD81AAB315D730A985CF10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7CD8, Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cce02d1b822011e7ec2f5f21890d92ff4a5261f267a35442a920fb50294a0369
                                  • Instruction ID: 252add55a7090f4ebc60230291b0eaad54dfaa6a0d2c83c80e7b2f6c8f8623e6
                                  • Opcode Fuzzy Hash: cce02d1b822011e7ec2f5f21890d92ff4a5261f267a35442a920fb50294a0369
                                  • Instruction Fuzzy Hash: 8AF024B0E0020CDFDB08DFA9E14465DB7B6EB84301F1090BEE40897306EB344A519F51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0530, Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ad6955e00c7b53372b58e737c972835ef2643a3ccaf7c0b552b0e859c70fe0a8
                                  • Instruction ID: d464740d8175939107d2f835655b23a7cae8fd09462b721d0d0b19862b293250
                                  • Opcode Fuzzy Hash: ad6955e00c7b53372b58e737c972835ef2643a3ccaf7c0b552b0e859c70fe0a8
                                  • Instruction Fuzzy Hash: 53F0C474D00209EFDB44DFA8E444AAEBBF4FB48300F2085A9D81197315D775EE429FA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E03F8, Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a654f04d2c0d26b5ba96c2d45e4af5f50cccd0f1bec4252f4b62b5245681ab54
                                  • Instruction ID: 4f756c34e7f648010cac8e1cd86405a7a594dddb628093271385e2338bf42cec
                                  • Opcode Fuzzy Hash: a654f04d2c0d26b5ba96c2d45e4af5f50cccd0f1bec4252f4b62b5245681ab54
                                  • Instruction Fuzzy Hash: 68F03030A46208DBD70CEBB1C690EAF73BBDFD9204F649C54940123284CE796F01EA58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00FE0818, Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233557509.0000000000FE0000.00000040.00000040.sdmp, Offset: 00FE0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                  • Instruction ID: 6f793562b8971ce0be636780429efb263798fc0a3627aef4948237cbeb8798e2
                                  • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                  • Instruction Fuzzy Hash: AFF01D35504684DFC305CF40D940B15FBA2EB89718F24C6ADE9490B752C777E813DE81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7CD0, Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a800cc999a9c6ebd5d09eef143049a9de245a7dd330bd5ccb8a3ef808d4ea260
                                  • Instruction ID: 133595ad4ccf568065d3243f3dafffe342e42195f47fda2c1b39a62448712dbc
                                  • Opcode Fuzzy Hash: a800cc999a9c6ebd5d09eef143049a9de245a7dd330bd5ccb8a3ef808d4ea260
                                  • Instruction Fuzzy Hash: 39F096B0A00248DFDB05DFA9E14869D7BB2EB84311F5080AEE40097356EA349A45DF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0451, Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6844a0d2b22a89a4f5de85c9ae1f478c4afd68b9bf82a85b7ece14ed8266c191
                                  • Instruction ID: fa42cb2b577324c0a412c0ac4581b8f222ee4b19ebab19a06d1a93abbaf7adb0
                                  • Opcode Fuzzy Hash: 6844a0d2b22a89a4f5de85c9ae1f478c4afd68b9bf82a85b7ece14ed8266c191
                                  • Instruction Fuzzy Hash: BAF0F874C01208DFDB14EFB4D5087ADBBB0FB45301F1089AAD845A3355D77A9A50CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00FE05F6, Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233557509.0000000000FE0000.00000040.00000040.sdmp, Offset: 00FE0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ab547f832cfd9a1f2ee41b2d8eff7d8ad7569812bd28e96898686fe6871e48e
                                  • Instruction ID: 754f4e58a1ca2474300ca6d4845a373c4c2a83bcd54dc6462af505285609c4b5
                                  • Opcode Fuzzy Hash: 6ab547f832cfd9a1f2ee41b2d8eff7d8ad7569812bd28e96898686fe6871e48e
                                  • Instruction Fuzzy Hash: EBE06DB66406008B9650DF0AEC41456F798EB88631B18C47FDC0D8B701E139B504CEA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A703, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 735b1bb5058aa6b4d45116efa6a29ce9b44ccf38c9ec5feffe068140b3119f8a
                                  • Instruction ID: 8fa4f99615cddd3b7554307b89623797d73fafe01a5112a8dd78d35744344668
                                  • Opcode Fuzzy Hash: 735b1bb5058aa6b4d45116efa6a29ce9b44ccf38c9ec5feffe068140b3119f8a
                                  • Instruction Fuzzy Hash: 6AE0D8B2540300AFD2109F0AEC42F57FB98DB50A31F14C56BED081B301D1B5B5148AF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A1AC, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5dce7942ce554d05144ffc9dfcdb776451eeb798ff0f55a29b1d6221fc6c179a
                                  • Instruction ID: 0a33939557abcd554f8c18749c81fd388e7025c07d330d6d87291b8b13944112
                                  • Opcode Fuzzy Hash: 5dce7942ce554d05144ffc9dfcdb776451eeb798ff0f55a29b1d6221fc6c179a
                                  • Instruction Fuzzy Hash: A7E0D8B25403006BD2109F0ADC46B53FB5CDB40931F14C56BED081B301D1B5B5048AE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A82F, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bc328fa5ea523478bcffa6d17c0024472f12e516b23e5e10c90f6a6b2036ff93
                                  • Instruction ID: 676614d85796d12affb39161f6b0f8975653ab7f09a8c7b8f2e789ce7ea52e53
                                  • Opcode Fuzzy Hash: bc328fa5ea523478bcffa6d17c0024472f12e516b23e5e10c90f6a6b2036ff93
                                  • Instruction Fuzzy Hash: 04E0D8B2540300AFD2109F0AEC42F57FB98DB50A31F14C56BED081B302D1B5B5148AF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A3C3, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 13e4e5c94d1f1a67cfef14e9525de8cb1b506c39b999de859330dff26c9ad9ec
                                  • Instruction ID: bdafc4c930c7861187d899a4748a425f1f9518ff239de0a18cc6fa177b2a129e
                                  • Opcode Fuzzy Hash: 13e4e5c94d1f1a67cfef14e9525de8cb1b506c39b999de859330dff26c9ad9ec
                                  • Instruction Fuzzy Hash: 47E0D8B2A403006BD2109E0ADC42B53FB58DB40931F54C567ED0C1B302D1B6B5048AE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101ABCB, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 907d6384c9c4a51949152b704ad637e12ea56405d3fdef43f384403b7e9965c3
                                  • Instruction ID: 567b99c58942e47b45c5e2b1322731996edb4c3b3f83f4fa49d5daf16112282f
                                  • Opcode Fuzzy Hash: 907d6384c9c4a51949152b704ad637e12ea56405d3fdef43f384403b7e9965c3
                                  • Instruction Fuzzy Hash: 87E0D8B25503006FD2109E0AEC42B53FB98DB40A31F14C567FD081B302D1B6B5148AF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A95B, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aa352788278f4979a8061a2c463a1a8a296b3ed3194cada895d6e643652a8b2d
                                  • Instruction ID: 58ed8194d00ddf2094eee4cdb3149d208f1495603b180e3f12c6c5f87ee43951
                                  • Opcode Fuzzy Hash: aa352788278f4979a8061a2c463a1a8a296b3ed3194cada895d6e643652a8b2d
                                  • Instruction Fuzzy Hash: 4CE0D8B2540300AFD2109F0AEC46F57FB58DB50A31F14C56BEE081B301D1B5B5148AF5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0101A5DB, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233589016.0000000001012000.00000040.00000001.sdmp, Offset: 01012000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f91bc7d0256731f7d6f5dc1aeb417bd6558e981d64fd4e02d7c969ea6cb922ab
                                  • Instruction ID: 6922ddd46899738a2a05a5b2df66adc168cfc3fcf0011863d8fb983dd07fa837
                                  • Opcode Fuzzy Hash: f91bc7d0256731f7d6f5dc1aeb417bd6558e981d64fd4e02d7c969ea6cb922ab
                                  • Instruction Fuzzy Hash: 6AE0D8B25403006BD2109F0ADC42B53FB58DB40931F14C467ED081B301D1B5B5048AE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0220, Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 08dc3b0fa93f3c35342316043a76b22a3be2bfcafcbb89e29ba72300a4284b11
                                  • Instruction ID: 38cb120116fe733deda62870c72c7b31b674c2da5bdda60511fe339a97e97f75
                                  • Opcode Fuzzy Hash: 08dc3b0fa93f3c35342316043a76b22a3be2bfcafcbb89e29ba72300a4284b11
                                  • Instruction Fuzzy Hash: 30F03934C09308DFDB18DFA5F4066AC7BF6FB45305F2081A9D88A92214D7BA5A51CF81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7BF0, Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 563a6a560fc6c31f86d5f88e61eba581757e38f8a07c861305a5a95119faf9b6
                                  • Instruction ID: 6a7652c4815f21632a3c8cffdf65e6dcc5e9485f3ecb15f12bef5876ab317904
                                  • Opcode Fuzzy Hash: 563a6a560fc6c31f86d5f88e61eba581757e38f8a07c861305a5a95119faf9b6
                                  • Instruction Fuzzy Hash: 1FE06D34905388EFC711DBA8D448288BFF0EB06301F1140EAE844D7252D6345984CF52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EEC28, Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 13c00351a348162731b87ce89bcb30fd3d36d0701a32fd1540844833cc20d0f4
                                  • Instruction ID: b4fcee1029096708345dbef1bc63b84aee222e4df6e32d7af8f11e7b2199ff9b
                                  • Opcode Fuzzy Hash: 13c00351a348162731b87ce89bcb30fd3d36d0701a32fd1540844833cc20d0f4
                                  • Instruction Fuzzy Hash: C2E06D70D04208DFCB04DFA4D5057ACB7F8EB44300F2081A99809A7391E7746A45CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0460, Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 99808fe60a903679a8ec64ac4128cb68effa6c444bd08a26079d74fd20e9df05
                                  • Instruction ID: 502c258cbb3d958e0b1ebb6529c6e85d1b50ccd8e3bcb4a92843896ac6a14b4f
                                  • Opcode Fuzzy Hash: 99808fe60a903679a8ec64ac4128cb68effa6c444bd08a26079d74fd20e9df05
                                  • Instruction Fuzzy Hash: 9DF032B4C01208EFCB14EFB8D5086AEBBB0FB45301F2049A9C840A3344DB7A9A10CF80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FD3E8, Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a0f630276335eaba52bf9016161687ec1fd5f04ef7862b2dae1873890a0314df
                                  • Instruction ID: 0d2d76e50c2b40fac4b77828fbb6bb5818c3094f9098dd66449b092865de7eff
                                  • Opcode Fuzzy Hash: a0f630276335eaba52bf9016161687ec1fd5f04ef7862b2dae1873890a0314df
                                  • Instruction Fuzzy Hash: 21F0C975D0020DEFCF41EFA8D944AAEBBB1FB48300F10856AE914A3251D7719661EF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF900, Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38ebb272d9f83702b63a7cddf9498f2d409fa1e0ce4a3f6e6364e850afa7c738
                                  • Instruction ID: e94ead541b19640aa6fed290f9693e90053bd140f39182382f6a0ca57d724623
                                  • Opcode Fuzzy Hash: 38ebb272d9f83702b63a7cddf9498f2d409fa1e0ce4a3f6e6364e850afa7c738
                                  • Instruction Fuzzy Hash: 56E01A74849389AFD702EBB4E04865C7FB4AF06210F2545DEC8C59B273E6358A84DB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF948, Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 605923e62436afb69f74cccb6e3832f6bad6bff2e8049758797228875b70c59e
                                  • Instruction ID: df2c17242835f015bf84b2022ba68f023615914ab75ebf1e24efbf5237fcd801
                                  • Opcode Fuzzy Hash: 605923e62436afb69f74cccb6e3832f6bad6bff2e8049758797228875b70c59e
                                  • Instruction Fuzzy Hash: 13E01A74D04308EFCB14DFA4E101AADBBB5FB59300F2081AED89467315EB355A61DF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF5A1, Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3142044b4d0fe5569f1015744d801608cc129b7958889b844db981601018de73
                                  • Instruction ID: b505d2f4edaf070dcb2b533567401197ece14ebd5cadedbeebf074e376abf55b
                                  • Opcode Fuzzy Hash: 3142044b4d0fe5569f1015744d801608cc129b7958889b844db981601018de73
                                  • Instruction Fuzzy Hash: DDE04F70C0A3889FC712EFB8E455A6CBFF49F02200F6401EEC88597262EA341A14CB92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E937F, Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2213d6cbe23265bd49cf8ea299c50801d0da33d3846006baf195bace16e5f157
                                  • Instruction ID: aec6bf4c8baf55f3516dbfda57b1538a28d77faaac15e836244288d20d291ba4
                                  • Opcode Fuzzy Hash: 2213d6cbe23265bd49cf8ea299c50801d0da33d3846006baf195bace16e5f157
                                  • Instruction Fuzzy Hash: 9DE04F30C08308EFC714DFB4F84A39D7BB5EB45611F2045ADD485A22A1E7769AA0DF92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F59A7, Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b353a7418d07dba47080dbd039f7074622c58c90214cfcc74fd69ab69ac071ed
                                  • Instruction ID: b19bca10874b445e816dedb6d8b767a7144fe4dd04c042c19e8d656de723a2e0
                                  • Opcode Fuzzy Hash: b353a7418d07dba47080dbd039f7074622c58c90214cfcc74fd69ab69ac071ed
                                  • Instruction Fuzzy Hash: C4E0EDB4E10218CFDB94CF64D580B9EB3B6EB89300F51C0EA861DA6245DB745E95CF26
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E0230, Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02858db84d63f98b8c55c4ba7803dbd3b2e6302f4f25a4c4078c71dfbda5b0bc
                                  • Instruction ID: aa5370ddaae42c4b383d0e57b879482ebe5bdec0f54e788835187c9847a8a18e
                                  • Opcode Fuzzy Hash: 02858db84d63f98b8c55c4ba7803dbd3b2e6302f4f25a4c4078c71dfbda5b0bc
                                  • Instruction Fuzzy Hash: 32E04634D09308DFCB14EFA9E50969CBBF6FB45301F2081A9D84993344D7BA6A50DB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EEEB8, Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f389bd34a35dd99486d8cfbcf0577f03e58eaf72715a8cde9407d4e8ae72c2f
                                  • Instruction ID: 1a7d5d61331a41f2d69e5bfc4fd84d601bba606e141af9b2334b69af3d8dc54c
                                  • Opcode Fuzzy Hash: 6f389bd34a35dd99486d8cfbcf0577f03e58eaf72715a8cde9407d4e8ae72c2f
                                  • Instruction Fuzzy Hash: 91E04634C05208DFD744DFB4F50A7AC7FB9EB04604F2041AE9905A2361E7361E80CF94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F21F0, Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 657033dfa593fe8fd3cf75ca1558737c7ca9ae917c4217c4aa341b65cf6d1371
                                  • Instruction ID: fbf3b2ce73ba0bc6581ae581119d6255a0f6d253473583fa8d9e0a9d85d0e816
                                  • Opcode Fuzzy Hash: 657033dfa593fe8fd3cf75ca1558737c7ca9ae917c4217c4aa341b65cf6d1371
                                  • Instruction Fuzzy Hash: 62F02278A02668CFCB61CF54D988AD8BBB1FB48305F1011D9E809A7311D730AE85CF00
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EEC38, Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0726ede5d7f375b570dd45fd3c31adb560a53d771fd5c5b143b73f4db1547a41
                                  • Instruction ID: 0eb49170bd2f25184b0cac35db945cec6d29b70dafddc0ee11737ed522494511
                                  • Opcode Fuzzy Hash: 0726ede5d7f375b570dd45fd3c31adb560a53d771fd5c5b143b73f4db1547a41
                                  • Instruction Fuzzy Hash: 2BE0B674D0420CEFCB04DFA8E144AACBBF9EB48304F2081E9D84967351D6356A45DF85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7C00, Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 606ec2314c57a58343cdf54d2545763ab966271368e849f8278266d065241280
                                  • Instruction ID: 66876a039bc6ec3244ba964cc2ed1851b369adb0d0275a13d25b110943bdc10c
                                  • Opcode Fuzzy Hash: 606ec2314c57a58343cdf54d2545763ab966271368e849f8278266d065241280
                                  • Instruction Fuzzy Hash: B8E0EC74D0130CDFCB50EFA8D44865CBBF4EB04201F1040BDE90893351E6359984CF81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EF5B0, Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1266fb00337bc4bdcb7791d5fabd9ffb76960660c6bab49ef5025c8becd1522f
                                  • Instruction ID: dae6f4db93bc1835a5352e9265664e753a7386c59f3c7e5f3afdf1510888babd
                                  • Opcode Fuzzy Hash: 1266fb00337bc4bdcb7791d5fabd9ffb76960660c6bab49ef5025c8becd1522f
                                  • Instruction Fuzzy Hash: 5AD05E70D05308DFC700EFA8E4416ADBBB8AB11201F6041AAC94523241E7355A40CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E00ED, Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 054d2acc0d8a58fa70e14a5a1044083d096cc20309e1a06bec2eed65e8ab83a5
                                  • Instruction ID: 3a687bdb4e1fc95c47cdc12f97d0a1137bc24178941ddffb22e3d215bec16367
                                  • Opcode Fuzzy Hash: 054d2acc0d8a58fa70e14a5a1044083d096cc20309e1a06bec2eed65e8ab83a5
                                  • Instruction Fuzzy Hash: A9D01736D01109CFDB04CFA4E0842ECF7B1EB89325F208426C214A3200C73548448F50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FBC78, Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ac1ad9bb759c30eb089e0df3540eec327b3e572ab756f41d957445b8f8d02dac
                                  • Instruction ID: 8f25939043758690ff04ad80af06736d9e57075f3f4702273151ac184aa9e6fe
                                  • Opcode Fuzzy Hash: ac1ad9bb759c30eb089e0df3540eec327b3e572ab756f41d957445b8f8d02dac
                                  • Instruction Fuzzy Hash: 40D01774D0134CEFCB60EFB9A4043ADBFF4DB04201F1045EE984892281EA385680DF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FF0C0, Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 80ccbef1cc72d03a6f4a22fd50f57d9f4e6747f723fd98536948cf0ef174f600
                                  • Instruction ID: 19dcb9ce739a30bc243bc1223f8395e43d12bbf7c2e4a6350278d309923594e8
                                  • Opcode Fuzzy Hash: 80ccbef1cc72d03a6f4a22fd50f57d9f4e6747f723fd98536948cf0ef174f600
                                  • Instruction Fuzzy Hash: A1D022B088620CDFC300DBA4D400BBF736DAF02A01F1000AECA0823302EE365A04CF98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F694E, Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f17465c9d6886f704844c15ab919725d5b77a355da8d04bf8c781e04ba6997c
                                  • Instruction ID: 6ed7578e13b1ec3a673ab93f82c711a9e8c061c3ffbc7dd82d6736b1aaeb399f
                                  • Opcode Fuzzy Hash: 8f17465c9d6886f704844c15ab919725d5b77a355da8d04bf8c781e04ba6997c
                                  • Instruction Fuzzy Hash: 91E0B6B5D083199FDB50CF94C940B9EB7F9BF59300F105099D618AB280E7349A40CF19
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FBBA0, Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 032e3086608316a7fa4b96f1b0e17f79f8ff17173fe3cfcebf9ae27a33e2e07a
                                  • Instruction ID: 31223612bbc46d6610c74965ca13bb44edcf77ea163a8720909978ed9a640d54
                                  • Opcode Fuzzy Hash: 032e3086608316a7fa4b96f1b0e17f79f8ff17173fe3cfcebf9ae27a33e2e07a
                                  • Instruction Fuzzy Hash: 89D01774D0120CEFCB40EFA9E44939DBBF4EB04601F1080AE980893380E6355A80DF81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010023F4, Relevance: .0, Instructions: 15COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233572838.0000000001002000.00000040.00000001.sdmp, Offset: 01002000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a8d5105fbf09c4dbbbf88f7cb79a34aec5dce8bed1af7253911b6b2288801b8
                                  • Instruction ID: 66b74924f4d3c736dced5f8129d43ef10fea3e709668b8c092631825d14b54cd
                                  • Opcode Fuzzy Hash: 2a8d5105fbf09c4dbbbf88f7cb79a34aec5dce8bed1af7253911b6b2288801b8
                                  • Instruction Fuzzy Hash: E2D05E79215A818FE3278A1CC1A8B953FE4AB51B04F4744FDE8408B6A3C768D9D1D200
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 010023BC, Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.233572838.0000000001002000.00000040.00000001.sdmp, Offset: 01002000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 47557eba815e49a7b2dd2cbc0a09ab5dae79104fb1b2473730cd48c196ff6211
                                  • Instruction ID: 981880b64b81f8231a23d9da6ad00f9b8e149340a2ad285a3672867c634b3675
                                  • Opcode Fuzzy Hash: 47557eba815e49a7b2dd2cbc0a09ab5dae79104fb1b2473730cd48c196ff6211
                                  • Instruction Fuzzy Hash: C7D05E342002818BEB16DB0CD598F593BD4AB41B00F0684E8AD408B6A2C3B4D881C600
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E00CD, Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c725934dd497e7fdf5aecbf82675bdc30d5cf40dd05fb8acfe6b5fd3d0a86df4
                                  • Instruction ID: 949cc77440262df4472ddcacb27f4405dade23870a01b1b11eb694a79559a5da
                                  • Opcode Fuzzy Hash: c725934dd497e7fdf5aecbf82675bdc30d5cf40dd05fb8acfe6b5fd3d0a86df4
                                  • Instruction Fuzzy Hash: 9FD0C936E41108CF8B148FE8E4400DCF7B5EBCA326B109466C614B7300C7369815CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F7479, Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 49f9fcb67a73e60ce920c3f5a84b56a81858a7e179a4c97903894ccc44eba1fe
                                  • Instruction ID: 2b72cd03cbad4b8d8b143033ed7c03cfdc7ba745d1133133dbff5490dbc8a4b9
                                  • Opcode Fuzzy Hash: 49f9fcb67a73e60ce920c3f5a84b56a81858a7e179a4c97903894ccc44eba1fe
                                  • Instruction Fuzzy Hash: 51D092789083488FDB45CBA8C580BDEB7F5AF5A301F2150AAC55DAB741DB345E41CF26
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F6D5F, Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 29ab03d7cfad26afb01d02a95af0913c073da1e22344e23ada1c1f47efb362af
                                  • Instruction ID: ed260f52d3a529d4eae96813e9ad0ecd8fe639ade7a67d75e00d997cd3f199c7
                                  • Opcode Fuzzy Hash: 29ab03d7cfad26afb01d02a95af0913c073da1e22344e23ada1c1f47efb362af
                                  • Instruction Fuzzy Hash: 1BD0A7B4C04209CECB80CF94C48079DF3B4AB49304F10D0A6C019BB208DA348545CF15
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F5C85, Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: af72ba9652a96960717afc5870f18df1607e734dbd738290d113ca76f9ef2b49
                                  • Instruction ID: 6610b20b863dc36bccf617204955051319503f7e2425678d504b66869508f9fa
                                  • Opcode Fuzzy Hash: af72ba9652a96960717afc5870f18df1607e734dbd738290d113ca76f9ef2b49
                                  • Instruction Fuzzy Hash: 69D0C9749053089BDB95CB94C480A8EB7F5AF55300F2090A9805D67210DA305E49CF02
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F215E, Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a112c21089611c7bebb885d3d5eb803b182fa26ad74be13d683388a072f0549f
                                  • Instruction ID: 16c18d574d5212a0484e41fb2eba2ab1bf7b1a5db310e512d1dd8d890844434e
                                  • Opcode Fuzzy Hash: a112c21089611c7bebb885d3d5eb803b182fa26ad74be13d683388a072f0549f
                                  • Instruction Fuzzy Hash: 0BD06C78502324CFC756CF60E588898BBB2FB1A316F5012ADE40A5B312CB35DAC1CE11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F55BC, Relevance: .0, Instructions: 9COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be2a452b754a46ec195154f504208842270c58d121472831c9d953364e9ec7d3
                                  • Instruction ID: 92c928f0b7fa8bc991a55d884d058a12fc2890555d0b9891c9e55111a9708144
                                  • Opcode Fuzzy Hash: be2a452b754a46ec195154f504208842270c58d121472831c9d953364e9ec7d3
                                  • Instruction Fuzzy Hash: 09D0C9709162199FCB90DB64D880A88BBB6FB41300F5059AA98099612CDF749A468B44
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050EE3D3, Relevance: .0, Instructions: 8COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 60341ef069c4ccaea07198b2d9439861108dd36029457d7af71f060d2feb9783
                                  • Instruction ID: 2573bff11f48f06e33347af0c5cc28e2c976e47688da7156d0776db491f5e15f
                                  • Opcode Fuzzy Hash: 60341ef069c4ccaea07198b2d9439861108dd36029457d7af71f060d2feb9783
                                  • Instruction Fuzzy Hash: 79D0C9B8A052288FCB25CF10E94468DB7F9EB49200F0011D9A58963201D7301FC08E04
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 050E93BF, Relevance: 5.1, Strings: 4, Instructions: 141COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: :@Dr$>_Ir$`5kr$f]Ir
                                  • API String ID: 0-3492759196
                                  • Opcode ID: 764275ff892129e3165617d886de601d9da3a08487d11bc70055eb3c2581d18f
                                  • Instruction ID: af0e6f0b8bfe98ddff8a64cf95c4369ca4560c588795f8bc0c3874c87221dda3
                                  • Opcode Fuzzy Hash: 764275ff892129e3165617d886de601d9da3a08487d11bc70055eb3c2581d18f
                                  • Instruction Fuzzy Hash: 4A516B70E00219CFE744EF6AE8547DDBBF6FBD5308F248229D548A7268DBB91806CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E93D0, Relevance: 5.1, Strings: 4, Instructions: 136COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: :@Dr$>_Ir$`5kr$f]Ir
                                  • API String ID: 0-3492759196
                                  • Opcode ID: be820935492907c49b0477a047bd32e427972956d0199e5275d9983498e41c4a
                                  • Instruction ID: 1a3dee7ff59d96d54e519b1e62d57bbbde702ba210b4dafaaae7a56bc77b7a70
                                  • Opcode Fuzzy Hash: be820935492907c49b0477a047bd32e427972956d0199e5275d9983498e41c4a
                                  • Instruction Fuzzy Hash: 1B514A70A00219CFE754EF6AE8547CDBBE6FBD5308F248229D548A7298DBB91806CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E9618, Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: -
                                  • API String ID: 0-2547889144
                                  • Opcode ID: f46fa7fa0361759e6b823a693fe1d107c36df486972e018d95ae31bda5e93c9c
                                  • Instruction ID: 392bb71edbfe247aa9017f4a9caf26e278e44c95838319f443bdc2af95bbacef
                                  • Opcode Fuzzy Hash: f46fa7fa0361759e6b823a693fe1d107c36df486972e018d95ae31bda5e93c9c
                                  • Instruction Fuzzy Hash: 01413EB1E016588BEB5DCF6B9D4078EFAF7BFC9200F14C1BA850CAA254DB700A818F11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F56D9, Relevance: .2, Instructions: 196COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccbeb14c984b53075e9d98beda6e626ace7b93e880155deeecb7dced0650ebdd
                                  • Instruction ID: 42a67f5b951a19e17ced8bc25feb9acf1202970a8bb91c9b38dae279b9466ebc
                                  • Opcode Fuzzy Hash: ccbeb14c984b53075e9d98beda6e626ace7b93e880155deeecb7dced0650ebdd
                                  • Instruction Fuzzy Hash: 6B711B71D05A988BDB29CF6BD84578AFBF3EFC5210F14C4AE954CAE216DA300A85CF11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F36C8, Relevance: .2, Instructions: 163COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cfcc3765622289454faefcaccb6cb96c699921343514b8260d0b70e235c5ca80
                                  • Instruction ID: c222eb82f8d8ae915c067ba2f4206030273d2c20d4a1a50e2892ac200804b8bf
                                  • Opcode Fuzzy Hash: cfcc3765622289454faefcaccb6cb96c699921343514b8260d0b70e235c5ca80
                                  • Instruction Fuzzy Hash: 9C71DAB4E25209EFCB04CFA9D58499DBBF1FB49311F24D4AAE415AB311D738AA41CF10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F36B9, Relevance: .2, Instructions: 163COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6a41f764ccfacc3099066a231271a0386e243986cd217a9d4bdea93371f3be87
                                  • Instruction ID: d019129b29f0452bf7b2d291facc403c10572dd653aa0cb676172f2dcc1cea1c
                                  • Opcode Fuzzy Hash: 6a41f764ccfacc3099066a231271a0386e243986cd217a9d4bdea93371f3be87
                                  • Instruction Fuzzy Hash: 7D71DDB4D29209EFCB04CFA9D58499DBBF1FF49214F14D5AAE415AB321D738AA41CF10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F9A28, Relevance: .2, Instructions: 156COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 81cf97fe4c34615fb64f66ffaa4b53b0133729448b16e41f5a908368940ea4b4
                                  • Instruction ID: b97580d3945cccbd27af5c0700265be62d4df0ffa72aff751e6da90e6dae1d36
                                  • Opcode Fuzzy Hash: 81cf97fe4c34615fb64f66ffaa4b53b0133729448b16e41f5a908368940ea4b4
                                  • Instruction Fuzzy Hash: 9361F674E04259DFDB14CFAAC5806ADBBB2FF89301F2481AED915AB216D7349A42CF50
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F48F8, Relevance: .1, Instructions: 145COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8842a578786276236646895771dd3db3748651a028f6ff22af8f304148469fe7
                                  • Instruction ID: 0c6e9b46984b3951942a8e07672b79c34408b3158f457ea43d2cb8f9de2a27e0
                                  • Opcode Fuzzy Hash: 8842a578786276236646895771dd3db3748651a028f6ff22af8f304148469fe7
                                  • Instruction Fuzzy Hash: F8511374E0520ADFCB04CFAAD580A9EFBF1FB89201F14956AD529B7211D7389A01CF58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4908, Relevance: .1, Instructions: 144COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a68f73272037e859e0ad2f591d3e3c321e642a5d37355e6fd69bb8bd4a918cd0
                                  • Instruction ID: 1521c7aa6a9e8afa74dce810ef87d86e99fb6c41e8004460795a50bcc593aaf6
                                  • Opcode Fuzzy Hash: a68f73272037e859e0ad2f591d3e3c321e642a5d37355e6fd69bb8bd4a918cd0
                                  • Instruction Fuzzy Hash: 4D510274E0521ADFCF04CFAAD580AAEFBF1FB89301F10956AD529B7211D7389A018F58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4160, Relevance: .1, Instructions: 143COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5a8dc403386f8c9b6fd6a0489ca866e47ebaffca25a56cfe46b0ff366bd143d6
                                  • Instruction ID: a1c73702a2b876ccd0da853c5e93af708aaec75a376f54a5ad8d54cf5b9d76c7
                                  • Opcode Fuzzy Hash: 5a8dc403386f8c9b6fd6a0489ca866e47ebaffca25a56cfe46b0ff366bd143d6
                                  • Instruction Fuzzy Hash: 2E511674D0121ADFCB04CF99D6849AEFBB1FF48341F20956AE515BB206C730AA41CFA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4150, Relevance: .1, Instructions: 142COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b44945d7b834fd5351dedc67e3c87d5ee567d2cc1cb20c2730cba87fb1c91695
                                  • Instruction ID: 055f5b557488619c47f33a51ea52a65fb4907049e9cc2bfd64fc5b586746f39f
                                  • Opcode Fuzzy Hash: b44945d7b834fd5351dedc67e3c87d5ee567d2cc1cb20c2730cba87fb1c91695
                                  • Instruction Fuzzy Hash: C9513774D1521ADFCB04CFA9D6849AEFBF1FF48341F10856AE515AB206C730AA41CFA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F97C8, Relevance: .1, Instructions: 140COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a048f424110f0ab348eb22ca543c4ae4e16985626b16be822105d241d32be326
                                  • Instruction ID: 8d897d3bb215f45eb96e0ff4afefaa1ef6e44f99bebbaa41ae37f793837791d7
                                  • Opcode Fuzzy Hash: a048f424110f0ab348eb22ca543c4ae4e16985626b16be822105d241d32be326
                                  • Instruction Fuzzy Hash: 47517A70D01259DFCB04CFA6C980AAEFFB2FF89315F14956AC110B7256D3309A42CB60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F8AF0, Relevance: .1, Instructions: 127COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b0635c931da50fa446e527e1a33a98ab840935ee0fdc0e38566f85d0a686161a
                                  • Instruction ID: f19a26dbbc5806c29722eb4fbd9f1f5b4bf7b16f702e2f2e6f61c869c2a9302d
                                  • Opcode Fuzzy Hash: b0635c931da50fa446e527e1a33a98ab840935ee0fdc0e38566f85d0a686161a
                                  • Instruction Fuzzy Hash: 95517CB0D096959FCB05CFA6C58049DFFB2FF8A300B28C5AED454AB256C3349A42CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F5778, Relevance: .1, Instructions: 123COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7eec0cca3bd3b508c0f7e4c6ba80cfc2f141ab561fb1cb5b381c7d056577cc36
                                  • Instruction ID: d3cc04a4ae4faf5aebdc5926b38433d22367b5472fde8ac95aa7f62bdb9a8884
                                  • Opcode Fuzzy Hash: 7eec0cca3bd3b508c0f7e4c6ba80cfc2f141ab561fb1cb5b381c7d056577cc36
                                  • Instruction Fuzzy Hash: 3B5158B1E016588BDB58CF6BD94469EFBF3EFC8201F14C0BA950DA6255DB341A81CF11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F850F, Relevance: .1, Instructions: 108COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9ab58fedfcb4e234e15dd4da4f998f4d9ca926152106295799caad533d85c844
                                  • Instruction ID: 7dff187816898ccdcdc68eab4f232497689501cc8722d07ea5ca7c15b0b99b45
                                  • Opcode Fuzzy Hash: 9ab58fedfcb4e234e15dd4da4f998f4d9ca926152106295799caad533d85c844
                                  • Instruction Fuzzy Hash: 22315A70D0A7C58FDB16CFBAC841159FFB2AF86211B28C4BEC594AF223C6344946DB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F0006, Relevance: .1, Instructions: 103COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec3c37fa6c9cbd48c8cd6f3dc7db8ec47b6d6d49844ccbd4602f33abce58d16d
                                  • Instruction ID: 2ba77a3113ce577457f3a1cf2a314a1b1f4d7c8317443d1de8cc015967d1ab2e
                                  • Opcode Fuzzy Hash: ec3c37fa6c9cbd48c8cd6f3dc7db8ec47b6d6d49844ccbd4602f33abce58d16d
                                  • Instruction Fuzzy Hash: 4F311C61D0A7C59FD70ACF76985069ABFB26FC7200F19C5EBC4849A163D7340946CB52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 050E9608, Relevance: .1, Instructions: 102COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.237557299.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53adf7cab41d0dd235be77748c6454a0d6599b34df93a88b0875ff9505974e00
                                  • Instruction ID: f217ade93b40496c1f0efb963770f27e1f23a40e5f53b04ead0719208a3ce4e3
                                  • Opcode Fuzzy Hash: 53adf7cab41d0dd235be77748c6454a0d6599b34df93a88b0875ff9505974e00
                                  • Instruction Fuzzy Hash: 28415271E116588BEB5DCF6B9D4079EFAF7BFC9200F14C1BA944CA6254EB3006818F10
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F8B48, Relevance: .1, Instructions: 100COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 340f112e3467f14eb16105c002e36dfb9854a33a89ffa679292c9e9970f34996
                                  • Instruction ID: 0f528a4b339ce08cdc6303c6a0e85ceac16c2692556457b005b142550f3260f4
                                  • Opcode Fuzzy Hash: 340f112e3467f14eb16105c002e36dfb9854a33a89ffa679292c9e9970f34996
                                  • Instruction Fuzzy Hash: 4941F9B4D05259DFDB14CFAAC5805ADFBF2EF89305B24C26ED814AB246D7349A02DF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4718, Relevance: .1, Instructions: 94COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2ce8caa9c4afab7cf1d9bd583d1b6297d5b9b8207fddd508a28bb9ba8e1140ff
                                  • Instruction ID: e433fddbe274036758769e4e5129b17003ab5c6da4aefe06a1a75b3f165b2a11
                                  • Opcode Fuzzy Hash: 2ce8caa9c4afab7cf1d9bd583d1b6297d5b9b8207fddd508a28bb9ba8e1140ff
                                  • Instruction Fuzzy Hash: 8E4124B1D0420ADFCB04CF9AD5814AFFBF2EF89301F10946AC511AB216D734A692CF98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4B30, Relevance: .1, Instructions: 93COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fff9de71da874e750d2fccf7689f4e39ac7696a8c3f607826a7f0aa15f7c910a
                                  • Instruction ID: fa5fa700673383f4030b3ca05b7e61808f0f6521df88b9d889ded5b6ce6d541f
                                  • Opcode Fuzzy Hash: fff9de71da874e750d2fccf7689f4e39ac7696a8c3f607826a7f0aa15f7c910a
                                  • Instruction Fuzzy Hash: E24127B4D0520ADFDB04CFA6C5805AEFBB2FF99311F20D4AAC504B7306DB349A428B95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4728, Relevance: .1, Instructions: 92COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d639d640e20b0d73e82ea547b0ad0f42be9b443d2d643394753201f51ecfbd8b
                                  • Instruction ID: 7ee61bed063e44e0bf1bac45d32ddfb592668ea422f2b20a5dc79fcfc7107ebd
                                  • Opcode Fuzzy Hash: d639d640e20b0d73e82ea547b0ad0f42be9b443d2d643394753201f51ecfbd8b
                                  • Instruction Fuzzy Hash: 2B4112B1D0020ADFCB04CF9AD5815AEFBF2EF89301F10956AC515BB205D734A682CF98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4B40, Relevance: .1, Instructions: 90COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c7525fae32a84431f3f376aad5dbc5cfde590c9fac747a4fd96544863798b0fd
                                  • Instruction ID: 0937c337245943bedc21f8cc52d4caea734c668b2a45180748e27e5567cf1a85
                                  • Opcode Fuzzy Hash: c7525fae32a84431f3f376aad5dbc5cfde590c9fac747a4fd96544863798b0fd
                                  • Instruction Fuzzy Hash: 0D41F7B4D0520ADFDB04CF96D5805AEFBB2EF88311F20D56AD505B7306DB349A428F95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4CE0, Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c6abf6eacd285fe88e2d58ee8d0dee6dfa2eebf43220b21e5e5bb7f9091c7b45
                                  • Instruction ID: 1d1726c23dc63618bdfdac674745be61f42e9106941e397b9e5f18c58a5fe927
                                  • Opcode Fuzzy Hash: c6abf6eacd285fe88e2d58ee8d0dee6dfa2eebf43220b21e5e5bb7f9091c7b45
                                  • Instruction Fuzzy Hash: B611F8B1E016189BEB1CCFABD84469FFAF7EFC9200F15C17AD91CA6215EB3005418E51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FF138, Relevance: .1, Instructions: 55COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 945b7b503ffab1221742bee2ae49884ed244951f4800aaa005dfb2e2d3bd3535
                                  • Instruction ID: b0cea73abd81ce21c2a1c6e2104e90c62941cf6910087524824a2dd7f8dca610
                                  • Opcode Fuzzy Hash: 945b7b503ffab1221742bee2ae49884ed244951f4800aaa005dfb2e2d3bd3535
                                  • Instruction Fuzzy Hash: 7911E370D142199FDB14CFA9C944BEEBAF0AF0A301F14546AE148B3241DB788A44CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F4CD0, Relevance: .1, Instructions: 52COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b17660ec79982f612ab10a5006a84003dbb24dc60105cc2508177282ab2f1a3
                                  • Instruction ID: 8281122239e57f8e60dd2f4783180f875e150b70cd227c34c44976ed451a230d
                                  • Opcode Fuzzy Hash: 3b17660ec79982f612ab10a5006a84003dbb24dc60105cc2508177282ab2f1a3
                                  • Instruction Fuzzy Hash: 9D11FB71E017589BEB18CF6BD94469FFBF3AFC9200F18C17AD808AA219DB3405428F61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FA038, Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a557f85438acc9679ba19a63916f05d776a5457230367afc7c7e3e87c303b27
                                  • Instruction ID: 2150bbe325d5b87d11fc72d330a5fc3a283fd8722cbe25f46ac7f526b80eff3e
                                  • Opcode Fuzzy Hash: 2a557f85438acc9679ba19a63916f05d776a5457230367afc7c7e3e87c303b27
                                  • Instruction Fuzzy Hash: DA11C5B1E10618CFDB08CFAB954019EFBF7AFC8200F24C57E8518A7215EA3456429F41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084FA768, Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 07a386e0ac041d999db87f68ec8506bf0a2fd6b540e79a6c1f10764059c20634
                                  • Instruction ID: 1e9fc77029ad787f251e8a1ffbdd219c324b720c667b24fa9ef52a8b1c7d6bd7
                                  • Opcode Fuzzy Hash: 07a386e0ac041d999db87f68ec8506bf0a2fd6b540e79a6c1f10764059c20634
                                  • Instruction Fuzzy Hash: 3B11D3B0E00619DFDB18CFABC54469EFBF6ABC8200F24C57E8518AB215EA345A528F40
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 084F8590, Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.241444622.00000000084F0000.00000040.00000001.sdmp, Offset: 084F0000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 854304e0217bbeff7d742a03274f6374cbc4657ea41d5d67432613440251a501
                                  • Instruction ID: efb9a01bc4254d09ac58599f15c44eb94716f32cb868462514a8ea4cc8b3bf1f
                                  • Opcode Fuzzy Hash: 854304e0217bbeff7d742a03274f6374cbc4657ea41d5d67432613440251a501
                                  • Instruction Fuzzy Hash: DB11D3B1D01609CBEB18CFABD94019EFBF2EF88200F24C17ED418AB216EA3456429F41
                                  Uniqueness

                                  Uniqueness Score: -1.00%