Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report SecuriteInfo.com.Variant.Bulz.495766.21629.30464

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Bulz.495766.21629.30464 (renamed file extension from 30464 to exe)
Analysis ID:433461
MD5:755aff3a424238b026f8d547783ecbd8
SHA1:d3c73271b3751043cdeb732e4c473fe462fbcd24
SHA256:41cba03f4c6ce7e24b6f2d9f146a8cb82e9a43236859e82f14b225c2232adc5b
Tags:exe
Infos:

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: MSBuild connects to smtp port
Yara detected AgentTesla
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Variant.Bulz.495766.21629.exe (PID: 5760 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe' MD5: 755AFF3A424238B026F8D547783ECBD8)
    • MSBuild.exe (PID: 6036 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "Graceboy123@vivaldi.net", "Password": "4Lmm4pew4Z3EVCn", "Host": "smtp.vivaldi.net"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
      00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 7 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              2.2.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                2.0.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  2.0.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 3 entries

                      Sigma Overview

                      Networking:

                      barindex
                      Sigma detected: MSBuild connects to smtp portShow sources
                      Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 31.209.137.12, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6036, Protocol: tcp, SourceIp: 192.168.2.3, SourceIsIpv6: false, SourcePort: 49743

                      System Summary:

                      barindex
                      Sigma detected: Possible Applocker BypassShow sources
                      Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentCommandLine: 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe' , ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe, ParentProcessId: 5760, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ProcessId: 6036

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 2.0.MSBuild.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "Graceboy123@vivaldi.net", "Password": "4Lmm4pew4Z3EVCn", "Host": "smtp.vivaldi.net"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeVirustotal: Detection: 37%Perma Link
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeReversingLabs: Detection: 30%
                      Source: 2.0.MSBuild.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: 2.2.MSBuild.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\alpHSWIRpA\src\obj\Debug\LockCookie.pdb source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\alpHSWIRpA\src\obj\Debug\LockCookie.pdb(c source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe

                      Networking:

                      barindex
                      Source: global trafficTCP traffic: 192.168.2.3:49743 -> 31.209.137.12:587
                      Source: Joe Sandbox ViewIP Address: 31.209.137.12 31.209.137.12
                      Source: global trafficTCP traffic: 192.168.2.3:49743 -> 31.209.137.12:587
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
                      Source: unknownDNS traffic detected: queries for: smtp.vivaldi.net
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: http://XkSLco.com
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211190070.0000000003141000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://smtp.vivaldi.net
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.213272834.0000000006680000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comm
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.200243346.0000000006693000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnn
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.202971106.00000000066B9000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeString found in binary or memory: http://www.google.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.203722944.00000000066B9000.00000004.00000001.sdmpString found in binary or memory: http://www.monotype.w
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                      Source: MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%h
                      Source: MSBuild.exe, 00000002.00000002.468955537.0000000002EB5000.00000004.00000001.sdmp, MSBuild.exe, 00000002.00000002.469422139.0000000002F3E000.00000004.00000001.sdmpString found in binary or memory: https://ntXEiMB2Wl.net
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, MSBuild.exe, 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701

                      System Summary:

                      barindex
                      .NET source code contains very large array initializationsShow sources
                      Source: 2.0.MSBuild.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bABCC7686u002d42EAu002d49CEu002d967Eu002dC66648BE0313u007d/u0032334AB87u002dAF54u002d440Bu002d8DB9u002d5512AE4216F6.csLarge array initialization: .cctor: array initializer size 11959
                      Source: 2.2.MSBuild.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bABCC7686u002d42EAu002d49CEu002d967Eu002dC66648BE0313u007d/u0032334AB87u002dAF54u002d440Bu002d8DB9u002d5512AE4216F6.csLarge array initialization: .cctor: array initializer size 11959
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0310C2B00_2_0310C2B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_031099A00_2_031099A0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786B6880_2_0786B688
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786C0D10_2_0786C0D1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786CF100_2_0786CF10
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786AE280_2_0786AE28
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_07867CB00_2_07867CB0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078677000_2_07867700
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078676F10_2_078676F1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786F4680_2_0786F468
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078602810_2_07860281
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078602900_2_07860290
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786A1B00_2_0786A1B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786F1C00_2_0786F1C0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078600070_2_07860007
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_078600400_2_07860040
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786BF190_2_0786BF19
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786AE170_2_0786AE17
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_0786DDB80_2_0786DDB8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_064967F90_2_064967F9
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_064968080_2_06496808
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_00C720500_2_00C72050
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CC481A2_2_00CC481A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CCA5982_2_00CCA598
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CC8D002_2_00CC8D00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CCF2F02_2_00CCF2F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00EE46A02_2_00EE46A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00EE45B02_2_00EE45B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00EED2602_2_00EED260
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC93782_2_00FC9378
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCA4182_2_00FCA418
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC00402_2_00FC0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC003C2_2_00FC003C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC57402_2_00FC5740
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC573B2_2_00FC573B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC4A102_2_00FC4A10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCEB182_2_00FCEB18
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC6D102_2_00FC6D10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_011557002_2_01155700
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0115BA182_2_0115BA18
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_011569B02_2_011569B0
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.209922320.0000000000DC8000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameLockCookie.exe6 vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.216361890.00000000084F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKygo.dll* vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBzKeZYkVrZOlbcFoquvemoWnfnzgWf.exe4 vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.215912050.0000000008130000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeBinary or memory string: OriginalFilenameLockCookie.exe6 vs SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: 2.0.MSBuild.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 2.0.MSBuild.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 2.2.MSBuild.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 2.2.MSBuild.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winEXE@3/1@1/1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Variant.Bulz.495766.21629.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeVirustotal: Detection: 37%
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeReversingLabs: Detection: 30%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe:Zone.IdentifierJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe'
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic file information: File size 1559552 > 1048576
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x154400
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\alpHSWIRpA\src\obj\Debug\LockCookie.pdb source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\alpHSWIRpA\src\obj\Debug\LockCookie.pdb(c source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeCode function: 0_2_00C773C3 push 0000006Fh; ret 0_2_00C773CE
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CC93E8 pushfd ; ret 2_2_00CC93E9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC9FE0 push E000CB47h; retf 2_2_00FC9FE2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCD04B push 68E800CBh; retf 2_2_00FCD052
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB2F0 push ebp; retf 2_2_00FCB33A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB2A0 push ebp; retf 2_2_00FCB2EA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC329F push es; retf 2_2_00FC32A2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC329B push es; retf 2_2_00FC329E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC3251 push es; retf 2_2_00FC3252
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC3247 push es; retf 2_2_00FC324A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB3E8 push esi; retf 2_2_00FCB3EA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB338 push ebp; retf 2_2_00FCB33A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB331 push esi; retf 2_2_00FCB332
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB4A0 push esi; retf 2_2_00FCB4A2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB498 push esi; retf 2_2_00FCB49A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB5E8 push edi; retf 2_2_00FCB62A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB5E0 push edi; retf 2_2_00FCB5E2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC65C8 pushad ; retf 2_2_00FC6609
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB598 push edi; retf 2_2_00FCB5DA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB541 push edi; retf 2_2_00FCB542
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC66B8 pushfd ; retf 2_2_00FC66F9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB688 push edi; retf 2_2_00FCB71A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB638 push edi; retf 2_2_00FCB6D2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB630 push edi; retf 2_2_00FCB632
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FC6610 push esp; retf 2_2_00FC6611
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB778 push edi; retf 2_2_00FCB812
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB771 push edi; retf 2_2_00FCB772
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB721 push edi; retf 2_2_00FCB722
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB868 push edi; retf 2_2_00FCB8B2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB861 push edi; retf 2_2_00FCB862
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00FCB818 push edi; retf 2_2_00FCB85A
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.40188775709
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AntiVM3Show sources
                      Source: Yara matchFile source: 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Bulz.495766.21629.exe PID: 5760, type: MEMORY
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 240000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239875Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239750Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239641Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239531Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239406Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239297Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239188Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239047Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238938Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238828Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238719Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238610Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238453Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238235Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237485Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237235Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236953Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236469Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236203Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235860Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235485Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235219Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeWindow / User API: threadDelayed 6606Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeWindow / User API: threadDelayed 560Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 2117Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 7743Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -240000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239641s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239406s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239297s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239188s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -239047s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238938s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238828s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238719s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238610s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238453s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238235s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -238094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237985s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237703s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237485s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237235s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -237094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236953s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236703s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236469s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 5556Thread sleep time: -103054s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -236094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235985s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235860s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235703s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235485s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235344s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235219s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -235094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -234985s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -234844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 160Thread sleep time: -234703s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe TID: 3396Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4912Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4928Thread sleep count: 2117 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4928Thread sleep count: 7743 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 240000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239875Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239750Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239641Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239531Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239406Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239297Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239188Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 239047Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238938Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238828Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238719Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238610Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238453Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238235Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 238094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237485Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237235Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 237094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236953Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236469Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236203Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 103054Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 236094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235860Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235594Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235485Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235344Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235219Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 235094Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234985Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 234703Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: MSBuild.exe, 00000002.00000002.472066088.0000000005C10000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: VMWARE
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: MSBuild.exe, 00000002.00000002.472066088.0000000005C10000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: MSBuild.exe, 00000002.00000002.472066088.0000000005C10000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: MSBuild.exe, 00000002.00000002.472272962.0000000005D08000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: MSBuild.exe, 00000002.00000002.472066088.0000000005C10000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00CC84C0 LdrInitializeThunk,2_2_00CC84C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 438000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43A000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 94C008Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                      Source: MSBuild.exe, 00000002.00000002.466828073.0000000001500000.00000002.00000001.sdmpBinary or memory string: Program Manager
                      Source: MSBuild.exe, 00000002.00000002.466828073.0000000001500000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: MSBuild.exe, 00000002.00000002.466828073.0000000001500000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: MSBuild.exe, 00000002.00000002.466828073.0000000001500000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Bulz.495766.21629.exe PID: 5760, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6036, type: MEMORY
                      Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: Yara matchFile source: 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6036, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Bulz.495766.21629.exe PID: 5760, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6036, type: MEMORY
                      Source: Yara matchFile source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Bulz.495766.21629.exe.41f3898.1.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Path InterceptionProcess Injection212Masquerading1OS Credential Dumping2Query Registry1Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1Credentials in Registry1Security Software Discovery211Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion131Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection212NTDSVirtualization/Sandbox Evasion131Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncSystem Information Discovery114Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      SecuriteInfo.com.Variant.Bulz.495766.21629.exe38%VirustotalBrowse
                      SecuriteInfo.com.Variant.Bulz.495766.21629.exe30%ReversingLabsWin32.Trojan.AgentTesla

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      2.0.MSBuild.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                      2.2.MSBuild.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://api.ipify.org%h0%Avira URL Cloudsafe
                      http://XkSLco.com0%Avira URL Cloudsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.tiro.com0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.goodfont.co.kr0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://www.carterandcone.coml0%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.sajatypeworks.com0%URL Reputationsafe
                      http://www.monotype.w0%Avira URL Cloudsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.typography.netD0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                      http://www.founder.com.cn/cnn0%URL Reputationsafe
                      http://www.founder.com.cn/cnn0%URL Reputationsafe
                      http://www.founder.com.cn/cnn0%URL Reputationsafe
                      http://www.founder.com.cn/cnn0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://fontfabrik.com0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://www.founder.com.cn/cn0%URL Reputationsafe
                      http://x1.c.lencr.org/00%URL Reputationsafe
                      http://x1.c.lencr.org/00%URL Reputationsafe
                      http://x1.c.lencr.org/00%URL Reputationsafe
                      http://x1.c.lencr.org/00%URL Reputationsafe
                      http://x1.i.lencr.org/00%URL Reputationsafe
                      http://x1.i.lencr.org/00%URL Reputationsafe
                      http://x1.i.lencr.org/00%URL Reputationsafe
                      http://x1.i.lencr.org/00%URL Reputationsafe
                      https://ntXEiMB2Wl.net0%Avira URL Cloudsafe
                      http://www.fontbureau.comm0%URL Reputationsafe
                      http://www.fontbureau.comm0%URL Reputationsafe
                      http://www.fontbureau.comm0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.sandoll.co.kr0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.urwpp.deDPlease0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.zhongyicts.com.cn0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe
                      http://www.sakkal.com0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      smtp.vivaldi.net
                      		31.209.137.12
                      		truefalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:HTTP/1.1MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.com/designersGSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                              		high
                              http://DynDns.comDynDNSMSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/?SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://cps.letsencrypt.org0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haMSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers?SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                  		high
                                  https://api.ipify.org%hMSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://XkSLco.comMSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.tiro.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://smtp.vivaldi.netMSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designersSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.goodfont.co.krSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.cssSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.carterandcone.comlSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://r3.i.lencr.org/0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sajatypeworks.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.monotype.wSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.203722944.00000000066B9000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.typography.netDSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/cTheSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.founder.com.cn/cnnSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.200243346.0000000006693000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.galapagosdesign.com/staff/dennis.htmSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000003.202971106.00000000066B9000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://fontfabrik.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.founder.com.cn/cnSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                            		high
                                            http://x1.c.lencr.org/0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://x1.i.lencr.org/0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://ntXEiMB2Wl.netMSBuild.exe, 00000002.00000002.468955537.0000000002EB5000.00000004.00000001.sdmp, MSBuild.exe, 00000002.00000002.469422139.0000000002F3E000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.fontbureau.commSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.213272834.0000000006680000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://r3.o.lencr.org0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers8SecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                              		high
                                              https://api.ipify.org%GETMozilla/5.0MSBuild.exe, 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		low
                                              http://www.fonts.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.sandoll.co.krSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.urwpp.deDPleaseSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.zhongyicts.com.cnSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211190070.0000000003141000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.sakkal.comSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.214654547.0000000007892000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipSecuriteInfo.com.Variant.Bulz.495766.21629.exe, 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, MSBuild.exe, 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://cps.root-x1.letsencrypt.org0MSBuild.exe, 00000002.00000002.469288125.0000000002F12000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown

                                                  Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  31.209.137.12
                                                  		smtp.vivaldi.netIceland
                                                  		51896HRINGDU-ASISfalse

                                                  General Information

                                                  Joe Sandbox Version:32.0.0 Black Diamond
                                                  Analysis ID:433461
                                                  Start date:11.06.2021
                                                  Start time:22:38:25
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 8m 24s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Sample file name:SecuriteInfo.com.Variant.Bulz.495766.21629.30464 (renamed file extension from 30464 to exe)
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:23
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:MAL
                                                  Classification:mal100.spre.troj.spyw.evad.winEXE@3/1@1/1
                                                  EGA Information:Failed
                                                  HDC Information:Failed
                                                  HCA Information:
                                                  • Successful, ratio: 99%
                                                  • Number of executed functions: 101
                                                  • Number of non-executed functions: 12
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  Warnings:
                                                  Show All
                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 40.88.32.150, 204.79.197.200, 13.107.21.200, 104.43.139.144, 20.49.157.6, 184.30.20.56, 20.54.26.129, 20.82.210.154, 92.122.213.194, 92.122.213.247
                                                  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  22:40:01API Interceptor45x Sleep call for process: SecuriteInfo.com.Variant.Bulz.495766.21629.exe modified
                                                  22:40:17API Interceptor788x Sleep call for process: MSBuild.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  31.209.137.12COMMERCIAL INVOICE.exeGet hashmaliciousBrowse
                                                    Scan 07.07.2021# 99147.exeGet hashmaliciousBrowse
                                                      Quotes 04.06.2021.exeGet hashmaliciousBrowse
                                                        Quotes 07.06.2021.exeGet hashmaliciousBrowse
                                                          Proforma Invoice.pdf.exeGet hashmaliciousBrowse
                                                            PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                              Scan 03.06.2021.exeGet hashmaliciousBrowse
                                                                PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                  PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                    Scan 31.05.2021.exeGet hashmaliciousBrowse
                                                                      PAYMENT FOR MS FOB 4-25.exeGet hashmaliciousBrowse
                                                                        11,000euro.exeGet hashmaliciousBrowse
                                                                          PURCHASE ORDER..exeGet hashmaliciousBrowse
                                                                            PO2000254..exeGet hashmaliciousBrowse
                                                                              BL Draft and Packing List.exeGet hashmaliciousBrowse
                                                                                Purchase order.exeGet hashmaliciousBrowse
                                                                                  Y0wdyuqBy1mI2Y0.exeGet hashmaliciousBrowse
                                                                                    Items specifications.exeGet hashmaliciousBrowse
                                                                                      SOA.exeGet hashmaliciousBrowse
                                                                                        orders list.exeGet hashmaliciousBrowse

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          smtp.vivaldi.netCOMMERCIAL INVOICE.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 07.07.2021# 99147.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Quotes 04.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Quotes 07.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Proforma Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 03.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 31.05.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 4-25.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          11,000euro.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PURCHASE ORDER..exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PO2000254..exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          BL Draft and Packing List.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Purchase order.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Y0wdyuqBy1mI2Y0.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Items specifications.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          SOA.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          orders list.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12

                                                                                          ASN

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          HRINGDU-ASISCOMMERCIAL INVOICE.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 07.07.2021# 99147.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Quotes 04.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Quotes 07.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Proforma Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 03.06.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 3-2027.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Scan 31.05.2021.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PAYMENT FOR MS FOB 4-25.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          11,000euro.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PURCHASE ORDER..exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          PO2000254..exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          BL Draft and Packing List.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Purchase order.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Y0wdyuqBy1mI2Y0.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          Items specifications.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          SOA.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12
                                                                                          orders list.exeGet hashmaliciousBrowse
                                                                                          • 31.209.137.12

                                                                                          JA3 Fingerprints

                                                                                          No context

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Variant.Bulz.495766.21629.exe.log
                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1400
                                                                                          Entropy (8bit):5.344635889251176
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEg:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHV
                                                                                          MD5:394E646B019FF472CE37EE76A647A27F
                                                                                          SHA1:BD5872D88EE9CD2299B5F0E462C53D9E7040D6DA
                                                                                          SHA-256:2295A0B1F6ACD75FB5D038ADE65725EDF3DDF076107AEA93E4A864E35974AE2A
                                                                                          SHA-512:7E95510C85262998AECC9A06A73A5BF6352304AF6EE143EC7E48A17473773F33A96A2F4146446444789B8BCC9B83372A227DC89C3D326A2E142BCA1E1A9B4809
                                                                                          Malicious:true
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):7.312014372881712
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                          File name:SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                                                                                          File size:1559552
                                                                                          MD5:755aff3a424238b026f8d547783ecbd8
                                                                                          SHA1:d3c73271b3751043cdeb732e4c473fe462fbcd24
                                                                                          SHA256:41cba03f4c6ce7e24b6f2d9f146a8cb82e9a43236859e82f14b225c2232adc5b
                                                                                          SHA512:12b6e09d9c23b459e1d4ba9955a746be2e8ca6a9f905986522416551fd90e6b906126ffa1e3695ec525204e3e7dd8ae034acb01d7704b13f3c588783c9d79710
                                                                                          SSDEEP:24576:OzSYNeBUdtwsEgwsHe/z8YEoqSg5LlJfH6zMIDsxTt8T2i9PGMbto2/siDUeuc/T:dYwBUwsEgwsHe5U/BldOSe+0eosic4YC
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..`..............P..D..........Rc... ........@.. .......................@............@................................

                                                                                          File Icon

                                                                                          Icon Hash:e0c6a169f4bed870

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x556352
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                          Time Stamp:0x60C31E4C [Fri Jun 11 08:26:52 2021 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:v4.0.30319
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                          Entrypoint Preview

                                                                                          Instruction
                                                                                          jmp dword ptr [00402000h]
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al

                                                                                          Data Directories

                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1563000x4f.text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1580000x28344.rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1820000xc.reloc
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x1561c80x1c.text
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                          Sections

                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                          .text0x20000x1543580x154400False0.700508156916data7.40188775709IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                          .rsrc0x1580000x283440x28400False0.599773146351data6.35187960045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .reloc0x1820000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                          Resources

                                                                                          NameRVASizeTypeLanguageCountry
                                                                                          RT_ICON0x1581a00x468GLS_BINARY_LSB_FIRST
                                                                                          RT_ICON0x1586180x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                                          RT_ICON0x1596d00x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                                                          RT_ICON0x15bc880x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                                                                                          RT_ICON0x15fec00x10828dBase III DBT, version number 0, next free block index 40
                                                                                          RT_ICON0x1706f80xf255PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                          RT_GROUP_ICON0x17f9600x5adata
                                                                                          RT_VERSION0x17f9cc0x386data
                                                                                          RT_MANIFEST0x17fd640x5daXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                          Imports

                                                                                          DLLImport
                                                                                          mscoree.dll_CorExeMain

                                                                                          Version Infos

                                                                                          DescriptionData
                                                                                          Translation0x0000 0x04b0
                                                                                          LegalCopyrightCopyright 2015 Benz
                                                                                          Assembly Version1.6.0.65
                                                                                          InternalNameLockCookie.exe
                                                                                          FileVersion1.6.0.65
                                                                                          CompanyNameTown and Country Convenience Stores
                                                                                          LegalTrademarks
                                                                                          Comments
                                                                                          ProductNameCDWorkFlow
                                                                                          ProductVersion1.6.0.65
                                                                                          FileDescriptionCDWorkFlow
                                                                                          OriginalFilenameLockCookie.exe

                                                                                          Network Behavior

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Jun 11, 2021 22:39:06.265878916 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.277220011 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.303915024 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.304405928 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.321443081 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.322617054 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.323179007 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.323216915 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.323338985 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.323386908 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.324944019 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.325073004 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.330882072 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334189892 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334244013 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334283113 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334319115 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334364891 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.334387064 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.334435940 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.334444046 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.334448099 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.334453106 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.340457916 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.358108997 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.359081030 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.359152079 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.359189987 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.359219074 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.359216928 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.359267950 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.359276056 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.359281063 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.361131907 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.361818075 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.361859083 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.361896038 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.361916065 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.361934900 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.361947060 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.361953020 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.364557028 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.364623070 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.364646912 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.378262043 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382041931 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382098913 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382139921 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.382149935 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382164001 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.382191896 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382209063 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.382231951 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382253885 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.382282972 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.382289886 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.382347107 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.384634018 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.384708881 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.397409916 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.397866964 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.397913933 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.398026943 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.398073912 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.855281115 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.867005110 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.889128923 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.893404007 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.912456989 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.912870884 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.912921906 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.912995100 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.913045883 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.913933992 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.913985014 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.914016962 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.914037943 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.914185047 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.916258097 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.916300058 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.916405916 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.918585062 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.918768883 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.924046993 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.924483061 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.924525976 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.924575090 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.924619913 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.926600933 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.926736116 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.946232080 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.946636915 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.946682930 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.946738005 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.946775913 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.947607040 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.948251009 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.948291063 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.948328018 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.948368073 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.948721886 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.948761940 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.948812008 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.948843002 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.950314045 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.950355053 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.950401068 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.950453997 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.951436043 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.951479912 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.951524019 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.951559067 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.952904940 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.952961922 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.953000069 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.953039885 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.954080105 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.954123020 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.954166889 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.954205990 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.955552101 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.955605030 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.955667973 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.955710888 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.956828117 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.956871986 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.956929922 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.956981897 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.959485054 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.959530115 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.959592104 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.959666967 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.962240934 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.962282896 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.962388039 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.964956045 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.964998960 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.965126991 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.965173006 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.966212034 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.967180014 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.967223883 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.967303991 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.967354059 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.967545033 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.967587948 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.967617989 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.967643023 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.968852043 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.968894958 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.968990088 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.969036102 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.970231056 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.970274925 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.970313072 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.970333099 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.971532106 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.971556902 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.971693039 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.972938061 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.972987890 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.973006964 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.973047018 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.974132061 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.974183083 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.974219084 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.974248886 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.975604057 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.975687981 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.976804972 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.976855040 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.976964951 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.977010012 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.977905989 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.979439974 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.979477882 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.979612112 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.979940891 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.982111931 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.982165098 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.982184887 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.982234001 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.984982967 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.985025883 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.985101938 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.985213041 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.987595081 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.987658978 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.987677097 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.987718105 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990278959 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990320921 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990365028 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990391970 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990400076 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990431070 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990461111 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990479946 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990485907 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990524054 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990537882 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990564108 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990586042 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990603924 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.990622044 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.990654945 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.992867947 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.992908955 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.993005991 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.993060112 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.993272066 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.993333101 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.995413065 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.995451927 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.995493889 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:06.995517969 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.021094084 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.021286011 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.022731066 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.022775888 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.022856951 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.022903919 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.025362968 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.025413990 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.025500059 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.025547028 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.027734995 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.027775049 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.027870893 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.027916908 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.029508114 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.029547930 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.029608965 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.029656887 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.032166004 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.032207012 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.032248974 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.032273054 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.034957886 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.034998894 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.035060883 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.035104036 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.037620068 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.037664890 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.037722111 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.037770033 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.040302992 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.040345907 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.040430069 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.040476084 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.042962074 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.043001890 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.043083906 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.043129921 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.045641899 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.045692921 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.045749903 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.045793056 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.048233032 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.048275948 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.048353910 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.048402071 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.050857067 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.050904989 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.050954103 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.051004887 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.053611994 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.053658009 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.053709984 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.053755999 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.056055069 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.056097984 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.056157112 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.056202888 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.058469057 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.058517933 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.058612108 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.058657885 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.060873985 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.060914993 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.061013937 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.061059952 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.063256979 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.063304901 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.063405037 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.063451052 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.065623999 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.065666914 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.065742970 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.065789938 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.067934990 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.067975998 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.068037987 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.068080902 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.070324898 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.070367098 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.070466995 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.070512056 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.074922085 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.074960947 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.075025082 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.075069904 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.076407909 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.076438904 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.076535940 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.076581955 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.356307983 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.402544022 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.410708904 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.410768032 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.410897017 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.410897017 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.410928965 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.410954952 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.415859938 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.429513931 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.436564922 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.448765993 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.466610909 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.467456102 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.467511892 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.467701912 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.469405890 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.469450951 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.469599962 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.469994068 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.470036030 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.470101118 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.470151901 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.470438004 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.470478058 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.470508099 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.470536947 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.471349001 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.471393108 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.471436024 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.471462011 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.472103119 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.472142935 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.472182035 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.472181082 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.472213984 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.472220898 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.472254038 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.472275019 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.473061085 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.473115921 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.473140955 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.473176003 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.473936081 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.473985910 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.474018097 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.474040031 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.474850893 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.474900961 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.474924088 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.474942923 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.474966049 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.474981070 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.475014925 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.475032091 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.475708008 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.475749016 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.475791931 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.475819111 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.476542950 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.476618052 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.477762938 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.477804899 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.477844954 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.477869987 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.480675936 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.480720043 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.480750084 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.480786085 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.483628988 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.483673096 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.483700991 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.483724117 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.486309052 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.486351013 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.486392021 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.486417055 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.487082005 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.487153053 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.487191916 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.487241030 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.488363028 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.488405943 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.488449097 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.488468885 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.489088058 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.489130974 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.489157915 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.489182949 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.491013050 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.491049051 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.491077900 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.491100073 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.491497040 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.491538048 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.491565943 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.491590023 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.491951942 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.491993904 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.492010117 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.492053032 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.492813110 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.492854118 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.492882013 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.492898941 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.494781971 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.494827032 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.494857073 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.494883060 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.495457888 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.495501041 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.495520115 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.495548010 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.497618914 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.497651100 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.497692108 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.497718096 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.498048067 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.498086929 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.498114109 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.498136044 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.500720024 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.500765085 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.500802040 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.500824928 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.503449917 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.503500938 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.503534079 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.503559113 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.506114960 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.506150961 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.506181002 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.506211996 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.506248951 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.506259918 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.506297112 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.506347895 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.507534027 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.507576942 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.507675886 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.507724047 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.640738964 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.705435991 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.705528021 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.705753088 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.706744909 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.706804037 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.706901073 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.709433079 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.709485054 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.709558964 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.709742069 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.712157965 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.712199926 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.712217093 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.712250948 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.714893103 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.714934111 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.714951992 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.714988947 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.717526913 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.717571020 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.717591047 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.717624903 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.723445892 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.723651886 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.723961115 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.724033117 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.724231958 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.724265099 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.724294901 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:07.724317074 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.074331999 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.104307890 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.116504908 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.129920006 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.138540983 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.141026020 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.141092062 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.141202927 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.141231060 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.142309904 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.142362118 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.142447948 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.142471075 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.144999981 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.145051003 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.145083904 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.145104885 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.147433043 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.147710085 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.147752047 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.147784948 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.147809029 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.150496006 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.150538921 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.150569916 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.150594950 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.153229952 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.153270006 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.153301001 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.153328896 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.155992031 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.156033993 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.156064034 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.156089067 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.158755064 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.158795118 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.158839941 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.158865929 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.161530018 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.161571026 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.161603928 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.161627054 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.163640976 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.163681984 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.163727999 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.163758993 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.164191961 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.164232016 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.164259911 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.164282084 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.164856911 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.164897919 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.164915085 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.164952040 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.166935921 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.166976929 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.166992903 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.167027950 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.167522907 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.167563915 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.167579889 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.167615891 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.169692039 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.169738054 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.169750929 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.169797897 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.170182943 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.170226097 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.170241117 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.170279026 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.171497107 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.171538115 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.171565056 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.171587944 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.172421932 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.172462940 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.172492027 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.172514915 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.172854900 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.172897100 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.172929049 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.172945023 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.172945023 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.172991037 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.173005104 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.173039913 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.175185919 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.175226927 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.175266981 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.175301075 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.175462961 CEST4434970092.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.175506115 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.175539017 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.175544977 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.175561905 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.175596952 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.177922010 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.177966118 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.177999973 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.178047895 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.178224087 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.178265095 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.178303003 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.178339005 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.180795908 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.180835962 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.180871010 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.180872917 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.180911064 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.180921078 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.180939913 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.180970907 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.183540106 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.183579922 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.183619976 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.183626890 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.183665991 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.183670044 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.183684111 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.183727026 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.186377048 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.186435938 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.186475039 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.186512947 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.186683893 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.186691046 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.186703920 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.186713934 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.187356949 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.187396049 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.187444925 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.187475920 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188630104 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188671112 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188710928 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188735962 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188767910 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188807964 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188829899 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188848972 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188863993 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188888073 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.188915014 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.188941002 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191234112 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191277027 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191308975 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191330910 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191441059 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191479921 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191500902 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191536903 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191585064 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191627979 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.191653013 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.191675901 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.193958998 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194000006 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194027901 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.194051981 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.194072962 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194114923 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194137096 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.194169998 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.194335938 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194379091 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.194394112 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.194432020 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.195955992 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.196000099 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.196043968 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.196083069 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.196484089 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.196552992 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.197096109 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.197134972 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.197150946 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.197179079 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.199836016 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.199877024 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.199902058 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.199928045 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.202589035 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.202629089 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.202656984 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.202682018 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.205136061 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.205177069 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.205214024 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.205240011 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.205324888 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.205374956 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.205385923 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.205434084 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.206144094 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.206183910 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.206214905 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.206239939 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.208076000 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.208116055 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.208143950 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.208165884 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.208436012 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.208477020 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.208503962 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.208549976 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.210727930 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.210771084 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.210798979 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.210818052 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.210824013 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.210861921 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.210886002 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.210911036 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.213036060 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.213077068 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.213100910 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.213126898 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.213531017 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.213572025 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.213589907 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.213628054 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.215338945 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.215387106 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.215404987 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.215460062 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.216342926 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.216387033 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.216414928 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.216445923 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.217650890 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.217694998 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.217716932 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.217745066 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.219048977 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.219091892 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.219126940 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.219176054 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.219944954 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.219989061 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.220027924 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.220048904 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.220515966 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.220580101 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.221684933 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.221728086 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.221755981 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.221765995 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.221788883 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.221806049 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.221827030 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.221863985 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.222238064 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.222278118 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.222316980 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.222337008 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.224534035 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.224575043 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.224611044 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.224623919 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.224644899 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.224668026 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.224689960 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.224730968 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.226941109 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.226983070 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.227062941 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.227261066 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.227303982 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.227329016 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.227360964 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.229156017 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.229202032 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.229227066 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.229249001 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.230010986 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.230052948 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.230123997 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.230145931 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.231477022 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.231520891 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.231553078 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.231575012 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.232784033 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.232827902 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.232858896 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.232889891 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.233763933 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.233805895 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.233844995 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.233869076 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.235513926 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.235558033 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.235574961 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.235610962 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.236043930 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.236087084 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.236107111 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.236135006 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.238265038 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.238308907 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.238339901 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.238348007 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.238373041 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.238387108 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.238418102 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.238435030 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.240690947 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.240735054 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.240758896 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.240786076 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.240956068 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.240999937 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.241024017 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.241056919 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.242955923 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.243027925 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.243684053 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.243727922 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.243758917 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.243783951 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.246253014 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.246309996 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.246352911 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.246380091 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.248708963 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.248754025 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.248814106 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.248861074 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.251049995 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.251153946 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.510598898 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.561852932 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.575201988 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.575262070 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.575408936 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.575444937 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.575459003 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.575500011 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.575522900 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.575557947 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.576503992 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.576560974 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.576591969 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.576622009 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.577297926 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.577342987 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.577385902 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.577419996 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.577436924 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.578321934 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.578366041 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.578397036 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.578418970 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.579272985 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.579312086 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.579345942 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.579371929 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.580245972 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.580288887 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.580318928 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.580342054 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.581175089 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.581216097 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.581244946 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.581264973 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.582122087 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.582165003 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.582195997 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.582220078 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.583091974 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.583158970 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.583163977 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.583209991 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.584037066 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.584081888 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.584110022 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.584126949 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.585001945 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.585038900 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.585073948 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.585097075 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.585927010 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.585971117 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.586007118 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.586030006 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.586877108 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.586915016 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.586955070 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.586982012 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.587877035 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.587919950 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.587955952 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.587980986 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.588787079 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.588824987 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.588856936 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.588886976 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.589764118 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.589807987 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.589842081 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.589868069 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.590740919 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.590780020 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.590815067 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.590838909 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.591661930 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.591706038 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.591737986 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.591756105 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.592595100 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.592633009 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.592663050 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.592684031 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.593590975 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.593632936 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.593678951 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.593704939 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.594517946 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.594556093 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.594578981 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.594607115 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.595493078 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.595535994 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.595571041 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.595596075 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.596434116 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.596474886 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.596506119 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.596528053 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.597451925 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.597496033 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.597527981 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.597553015 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.598340988 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.598382950 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.598411083 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.598431110 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.599294901 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.599338055 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.599370956 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.599395990 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.600271940 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.600315094 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.600344896 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.600367069 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.600662947 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.601181030 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.601224899 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.601255894 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.601281881 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.601723909 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.602143049 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.602183104 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.602216005 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.602241039 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.603053093 CEST4434969892.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.603127956 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.619254112 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.619304895 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.619369984 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.619400024 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.620214939 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.620265007 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.620287895 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.620343924 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.622112989 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.622164965 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.622181892 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.622225046 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.623965979 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.624010086 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.624039888 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.624063969 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.625869036 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.625914097 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.625947952 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.625974894 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.627772093 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.627818108 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.627850056 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.627876997 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.629667044 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.629712105 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.629744053 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.629777908 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.631545067 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.631592989 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.631616116 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.631644011 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.633476019 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.633523941 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.633547068 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.633579969 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.634782076 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.634828091 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.634892941 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.634927034 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.635319948 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.635364056 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.635385036 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.635416985 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.635495901 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.635538101 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.635572910 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.635588884 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.637065887 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.637110949 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.637149096 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.637154102 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.637166977 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.637187004 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.637207985 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.637243986 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.638629913 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.638673067 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.638695955 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.638720036 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.639096975 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.639170885 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.639173031 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.639240026 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.640129089 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.640173912 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.640203953 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.640223026 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.641017914 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.641061068 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.641088009 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.641108990 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.641649008 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.641691923 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.641717911 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.641757011 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.642901897 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.642940998 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.642977953 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.643002033 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.643172026 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.643210888 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.643241882 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.643266916 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.644716978 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.644756079 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.644795895 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.644815922 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.644831896 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.644835949 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.644854069 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.644896984 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.646261930 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.646311998 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.646342993 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.646369934 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.646671057 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.646719933 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.646738052 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.646780014 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.647790909 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.647830009 CEST4434969992.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.647871971 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.647900105 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.648556948 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.648597956 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.648622036 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.648648024 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.650495052 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.650535107 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.650556087 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.650594950 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.652345896 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.652385950 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.652411938 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.652434111 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.654268026 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.654313087 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.654336929 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.654381037 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.656150103 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.656191111 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.656213999 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.656248093 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.656864882 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.656904936 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.656941891 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.657289982 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.657334089 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.657344103 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.657380104 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.657386065 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.657968044 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658010960 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658030987 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.658050060 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658070087 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.658090115 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658123016 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.658128977 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658144951 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.658169031 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.658184052 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.658221960 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659033060 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659065962 CEST4434969792.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659090996 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659107924 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659264088 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659300089 CEST4434969692.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659328938 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659352064 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659890890 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659929037 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.659953117 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.659981966 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.661856890 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.661895037 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.661926031 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.661952019 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.663708925 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.663747072 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.663775921 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.663805962 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.665608883 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.665648937 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.665692091 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.665716887 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.667496920 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.667537928 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.667581081 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.667604923 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.669373989 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.669415951 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.669461012 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.669487953 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.677155972 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.677212000 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.677246094 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.677269936 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.677825928 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.677865028 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.677889109 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.677913904 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.679423094 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.679464102 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.679483891 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.679516077 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.681308031 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.681349039 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.681379080 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.681400061 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.683204889 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.683245897 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.683269978 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.683295965 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.685098886 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.685139894 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.685178995 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.685209036 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.687012911 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.687057972 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.687093019 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.687118053 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.688878059 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.688921928 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.688941002 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.688987970 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.690766096 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.690812111 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.690843105 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.691813946 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.692666054 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.692708969 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.692739010 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.692764044 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.694562912 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.694607019 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.694633961 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.694658995 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.696440935 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.696484089 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.696507931 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.696533918 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.698345900 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.698389053 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.698414087 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.698440075 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.700231075 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.700273037 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.700298071 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.700329065 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.702107906 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.702152014 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.702168941 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.702209949 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.704108953 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.704152107 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.704176903 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.704210043 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.705918074 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.705960989 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.705986023 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.706013918 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.707798004 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.707843065 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.707865953 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.707896948 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.709693909 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.709737062 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.709758997 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.709806919 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.711397886 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.711441994 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.711463928 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.711493969 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.713216066 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.713258028 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.713278055 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.713310957 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.714764118 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.714807987 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.714823961 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.714859962 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.716434002 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.716478109 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.716492891 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.716533899 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.717921019 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.717961073 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.717983007 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.718007088 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.719508886 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.719552040 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.719572067 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.719604969 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.720973015 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.721005917 CEST4434970292.122.145.220192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.721040964 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:08.721061945 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819173098 CEST49696443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819281101 CEST49697443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819309950 CEST49698443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819554090 CEST49700443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819576025 CEST49699443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819607019 CEST49702443192.168.2.392.122.145.220
                                                                                          Jun 11, 2021 22:39:09.819859028 CEST4970480192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:39:22.157813072 CEST4968880192.168.2.393.184.221.240
                                                                                          Jun 11, 2021 22:39:36.941704988 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:36.941754103 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:36.953443050 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.005609035 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.005652905 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.022865057 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.022967100 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.023175955 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.046022892 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091571093 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091628075 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091666937 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091700077 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.091706038 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091741085 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.091768026 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.097251892 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.143946886 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144005060 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144043922 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144083023 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144088984 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.144120932 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144149065 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.144171000 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144213915 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144256115 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144280910 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.144293070 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.144304037 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.165419102 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.166054964 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.166147947 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.187078953 CEST49694443192.168.2.3184.30.21.219
                                                                                          Jun 11, 2021 22:39:37.190606117 CEST4969580192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:39:37.192044973 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.232759953 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.232803106 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.248941898 CEST4968980192.168.2.393.184.221.240
                                                                                          Jun 11, 2021 22:39:37.249077082 CEST4969280192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:39:37.274708986 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372416019 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372474909 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372514009 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372553110 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372581959 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.372590065 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372622967 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.372638941 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372683048 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372699976 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.372723103 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372761965 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.372778893 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:39:37.426522017 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:00.849592924 CEST804968093.184.220.29192.168.2.3
                                                                                          Jun 11, 2021 22:40:00.849741936 CEST4968080192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:40:01.444533110 CEST4968480192.168.2.384.53.167.113
                                                                                          Jun 11, 2021 22:40:01.444869041 CEST49685443192.168.2.32.17.179.193
                                                                                          Jun 11, 2021 22:40:01.487303019 CEST443496852.17.179.193192.168.2.3
                                                                                          Jun 11, 2021 22:40:01.487349033 CEST443496852.17.179.193192.168.2.3
                                                                                          Jun 11, 2021 22:40:01.487536907 CEST49685443192.168.2.32.17.179.193
                                                                                          Jun 11, 2021 22:40:01.487921000 CEST49685443192.168.2.32.17.179.193
                                                                                          Jun 11, 2021 22:40:01.490222931 CEST804968484.53.167.113192.168.2.3
                                                                                          Jun 11, 2021 22:40:01.490289927 CEST4968480192.168.2.384.53.167.113
                                                                                          Jun 11, 2021 22:40:01.835073948 CEST4969080192.168.2.32.20.142.209
                                                                                          Jun 11, 2021 22:40:01.835205078 CEST4969380192.168.2.32.20.142.209
                                                                                          Jun 11, 2021 22:40:01.877500057 CEST80496902.20.142.209192.168.2.3
                                                                                          Jun 11, 2021 22:40:01.877543926 CEST80496932.20.142.209192.168.2.3
                                                                                          Jun 11, 2021 22:40:01.877624035 CEST4969080192.168.2.32.20.142.209
                                                                                          Jun 11, 2021 22:40:01.879898071 CEST4969380192.168.2.32.20.142.209
                                                                                          Jun 11, 2021 22:40:50.423033953 CEST4968080192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:40:50.423094988 CEST49701443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:50.423194885 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:50.423219919 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:50.465403080 CEST804968093.184.220.29192.168.2.3
                                                                                          Jun 11, 2021 22:40:50.465506077 CEST4968080192.168.2.393.184.220.29
                                                                                          Jun 11, 2021 22:40:50.485333920 CEST4434968640.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:40:50.485389948 CEST4434970140.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:40:50.485502005 CEST49686443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:50.485518932 CEST49701443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:50.490730047 CEST4434972740.126.31.1192.168.2.3
                                                                                          Jun 11, 2021 22:40:50.492209911 CEST49727443192.168.2.340.126.31.1
                                                                                          Jun 11, 2021 22:40:58.156143904 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:58.244702101 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:58.244848967 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:58.887758017 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:58.888362885 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:58.976969004 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:58.977018118 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:58.977689981 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.066626072 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.120971918 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.162698984 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.253985882 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.254070997 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.254110098 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.254137993 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.254236937 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.254328966 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.344862938 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.357770920 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.450923920 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.495884895 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.689078093 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.779562950 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.782860041 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:40:59.873972893 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:40:59.875341892 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.006282091 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.055047035 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.056489944 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.145306110 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.147224903 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.148137093 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.259701014 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.260592937 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.349737883 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.355321884 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.355814934 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.356060982 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.356282949 CEST49743587192.168.2.331.209.137.12
                                                                                          Jun 11, 2021 22:41:00.444400072 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.444458961 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.462733984 CEST5874974331.209.137.12192.168.2.3
                                                                                          Jun 11, 2021 22:41:00.511574984 CEST49743587192.168.2.331.209.137.12

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Jun 11, 2021 22:39:05.731982946 CEST5754453192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:05.782258987 CEST53575448.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:05.893630981 CEST5598453192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:05.952163935 CEST53559848.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:06.634912014 CEST6418553192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:06.685136080 CEST53641858.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:07.827167988 CEST6511053192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:07.880311012 CEST53651108.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:08.739110947 CEST5836153192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:08.789448977 CEST53583618.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:09.805201054 CEST6349253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:09.858577967 CEST53634928.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:10.771236897 CEST6083153192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:10.824378014 CEST53608318.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:11.664033890 CEST6010053192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:11.720141888 CEST53601008.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:12.610152006 CEST5319553192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:12.660428047 CEST53531958.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:13.526396990 CEST5014153192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:13.577056885 CEST53501418.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:14.422760963 CEST5302353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:14.473393917 CEST53530238.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:15.320560932 CEST4956353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:15.371273041 CEST53495638.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:16.249819040 CEST5135253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:16.302109003 CEST53513528.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:17.213639975 CEST5934953192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:17.265398979 CEST53593498.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:18.048686028 CEST5708453192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:18.100938082 CEST53570848.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:18.947227001 CEST5882353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:18.998800993 CEST53588238.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:19.720165968 CEST5756853192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:19.770487070 CEST53575688.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:20.510678053 CEST5054053192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:20.563721895 CEST53505408.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:21.316565037 CEST5436653192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:21.367058992 CEST53543668.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:37.668231010 CEST5303453192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:37.732057095 CEST53530348.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:45.046896935 CEST5776253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:45.121165991 CEST53577628.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:39:52.277676105 CEST5543553192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:39:52.344403028 CEST53554358.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:40:14.034076929 CEST5071353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:40:14.101481915 CEST53507138.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:40:20.769404888 CEST5613253192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:40:20.830141068 CEST53561328.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:40:52.005362034 CEST5898753192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:40:52.066768885 CEST53589878.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:40:53.651407957 CEST5657953192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:40:53.717915058 CEST53565798.8.8.8192.168.2.3
                                                                                          Jun 11, 2021 22:40:57.994457006 CEST6063353192.168.2.38.8.8.8
                                                                                          Jun 11, 2021 22:40:58.056253910 CEST53606338.8.8.8192.168.2.3

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                          Jun 11, 2021 22:40:57.994457006 CEST192.168.2.38.8.8.80x45f6Standard query (0)smtp.vivaldi.netA (IP address)IN (0x0001)

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                          Jun 11, 2021 22:40:58.056253910 CEST8.8.8.8192.168.2.30x45f6No error (0)smtp.vivaldi.net31.209.137.12A (IP address)IN (0x0001)

                                                                                          SMTP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                                                          Jun 11, 2021 22:40:58.887758017 CEST5874974331.209.137.12192.168.2.3220 smtp.vivaldi.net ESMTP Postfix (Ubuntu)
                                                                                          Jun 11, 2021 22:40:58.888362885 CEST49743587192.168.2.331.209.137.12EHLO 045012
                                                                                          Jun 11, 2021 22:40:58.977018118 CEST5874974331.209.137.12192.168.2.3250-smtp.vivaldi.net
                                                                                          250-PIPELINING
                                                                                          250-SIZE 36700160
                                                                                          250-ETRN
                                                                                          250-STARTTLS
                                                                                          250-ENHANCEDSTATUSCODES
                                                                                          250-8BITMIME
                                                                                          250-DSN
                                                                                          250 SMTPUTF8
                                                                                          Jun 11, 2021 22:40:58.977689981 CEST49743587192.168.2.331.209.137.12STARTTLS
                                                                                          Jun 11, 2021 22:40:59.066626072 CEST5874974331.209.137.12192.168.2.3220 2.0.0 Ready to start TLS

                                                                                          Code Manipulations

                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          Analysis Process: SecuriteInfo.com.Variant.Bulz.495766.21629.exe PID: 5760 Parent PID: 5880

                                                                                          General

                                                                                          Start time:22:39:59
                                                                                          Start date:11/06/2021
                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.495766.21629.exe'
                                                                                          Imagebase:0xc70000
                                                                                          File size:1559552 bytes
                                                                                          MD5 hash:755AFF3A424238B026F8D547783ECBD8
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.211514974.0000000004141000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.211263032.0000000003190000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: MSBuild.exe PID: 6036 Parent PID: 5760

                                                                                          General

                                                                                          Start time:22:40:06
                                                                                          Start date:11/06/2021
                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                          Imagebase:0x770000
                                                                                          File size:261728 bytes
                                                                                          MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.467134618.0000000002C51000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.208728671.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.463542809.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          Reputation:moderate

                                                                                          Chronological Activities

                                                                                          Disassembly

                                                                                          Code Analysis

                                                                                          Reset < >

                                                                                            Analysis Process: SecuriteInfo.com.Variant.Bulz.495766.21629.exe PID: 5760 Parent PID: 5880 SecuriteInfo.com.Variant.Bulz.495766.21629.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 06496808, Relevance: 8.9, Instructions: 8932COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0f2c834a1c60eebbf80fcee2b3b77c98ec9be60995fdf38b01ca18c13f2d43ee
                                                                                            • Instruction ID: 389283411e9b3a024d033b9736eafe3235c5ccf4cb52188cff7c0e145283d510
                                                                                            • Opcode Fuzzy Hash: 0f2c834a1c60eebbf80fcee2b3b77c98ec9be60995fdf38b01ca18c13f2d43ee
                                                                                            • Instruction Fuzzy Hash: 6E24A478A50618CFCB68DF24C998AD9B7B1FF49305F1142E9E509AB361DB31AE81CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 064967F9, Relevance: 8.9, Instructions: 8870COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ef40abe9421b3001b1d3d060aa7a2ad548302038aefdd17a846c7479f22e2acd
                                                                                            • Instruction ID: 885967a7b65ee4b9d377dbff60b4a919c176107d9d52542f4e9422b67b4277e4
                                                                                            • Opcode Fuzzy Hash: ef40abe9421b3001b1d3d060aa7a2ad548302038aefdd17a846c7479f22e2acd
                                                                                            • Instruction Fuzzy Hash: B124A478A50618CFCB68DF24C998AD9B7B1FF49305F1142E9E509AB361DB31AE81CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786CF10, Relevance: 2.8, Strings: 2, Instructions: 272COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: xMO$xMO
                                                                                            • API String ID: 0-1983873385
                                                                                            • Opcode ID: 5a5576e094d8c5b63ed493900f1c468d90c4f36e0d5a6f06fcf437637e930786
                                                                                            • Instruction ID: 48b25aaf81936eb1ff53b3167692bb118c94a1cb6357f1ab77cdf4fcf64e49fb
                                                                                            • Opcode Fuzzy Hash: 5a5576e094d8c5b63ed493900f1c468d90c4f36e0d5a6f06fcf437637e930786
                                                                                            • Instruction Fuzzy Hash: C6C128B4E1120AEFCB04CFA6C4849AEFBB6FF99304F148559E415EB214D774A942CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786AE17, Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: |-K
                                                                                            • API String ID: 0-773180783
                                                                                            • Opcode ID: d970748f6ef5ced833010ba20cf7d1da50569ea666cc86da9b3a4604181e1e78
                                                                                            • Instruction ID: 86e0c5c135ee778a31feb4a5b5e0478dfee42b245e172d152de06973f22e6eac
                                                                                            • Opcode Fuzzy Hash: d970748f6ef5ced833010ba20cf7d1da50569ea666cc86da9b3a4604181e1e78
                                                                                            • Instruction Fuzzy Hash: 1A81D2B4E102099FDB08CFE9C8846AEFBB2BF89304F20942AD815BB354DB359905CF55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786AE28, Relevance: 1.4, Strings: 1, Instructions: 195COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: |-K
                                                                                            • API String ID: 0-773180783
                                                                                            • Opcode ID: e955d187771fb0992da8d456ecacfad4c1a367cc66454e8967ea7a01fc66d8d4
                                                                                            • Instruction ID: a56836c45da3e5f77b1cafef80809c61317fa3fa8701ba63c3dd990afb94876f
                                                                                            • Opcode Fuzzy Hash: e955d187771fb0992da8d456ecacfad4c1a367cc66454e8967ea7a01fc66d8d4
                                                                                            • Instruction Fuzzy Hash: 9B81D3B4E102099FDB08CFE9C884AAEFBB2BF89304F10942AD515BB354DB349905CF55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07867CB0, Relevance: .2, Instructions: 240COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70c73f499de6de8d701e2cfe497c39502d5df6da68175575097ad48e60b04485
                                                                                            • Instruction ID: 5d368de8fbe6c0f41f9272705b35c9c6f71a75debd18cc8aaf80371c3fd74ffd
                                                                                            • Opcode Fuzzy Hash: 70c73f499de6de8d701e2cfe497c39502d5df6da68175575097ad48e60b04485
                                                                                            • Instruction Fuzzy Hash: F1A127B4E0021DDBDB14DFA9C848BDEBBB2BF9A308F148469D508A7244DB715989CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786BF19, Relevance: .2, Instructions: 172COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e607d4b1246849c777ec47b668b594bc5decf5ed7ebf08da944ffdf79e5e5354
                                                                                            • Instruction ID: 12a3093f2211d9ac3c0d12f3ecc246755ac4d24049e54439d248dbf0058a5fbe
                                                                                            • Opcode Fuzzy Hash: e607d4b1246849c777ec47b668b594bc5decf5ed7ebf08da944ffdf79e5e5354
                                                                                            • Instruction Fuzzy Hash: 806156B4E1521AEBCB04CF95D4849AEFBB2FF99304F248526D515FB224D734AA01CF61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786B688, Relevance: .2, Instructions: 153COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f2d287ad644a89fa59341a3894f97f3daff1dd383b0e096e27b22c60049d5405
                                                                                            • Instruction ID: d77f0b3a35aeb9f6a4a92c127a28feee1e9ffc46166246696687606c6284b3e8
                                                                                            • Opcode Fuzzy Hash: f2d287ad644a89fa59341a3894f97f3daff1dd383b0e096e27b22c60049d5405
                                                                                            • Instruction Fuzzy Hash: FB512AB4E056199FCB08CFAAC9456AEFBF2BF89304F24D42AD409F7254D7349A01CB64
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786C0D1, Relevance: .1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: eb8ab460ec7eadf5054b4d9aad1f438bf8aee7c644ba11f00b1572f96e6e7bdd
                                                                                            • Instruction ID: c6aecb4bc635423e41d7ddaef45ec3969f38ebb0538e72281fcbfdaa10acc247
                                                                                            • Opcode Fuzzy Hash: eb8ab460ec7eadf5054b4d9aad1f438bf8aee7c644ba11f00b1572f96e6e7bdd
                                                                                            • Instruction Fuzzy Hash: 763149B5E01618CFDB18CFAAC94469EBFB3AFC8301F14C06AD808AB254DB745A45CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06490006, Relevance: 1.8, Strings: 1, Instructions: 504COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: d
                                                                                            • API String ID: 0-2564639436
                                                                                            • Opcode ID: 458fcf4c076a95caeca427c4af62fa026f6dcef545ac03983a4af70483170646
                                                                                            • Instruction ID: 2b24de1e04f05f3624b8e73f3abff1c66332824534ab4e9faf54f02a71d0a279
                                                                                            • Opcode Fuzzy Hash: 458fcf4c076a95caeca427c4af62fa026f6dcef545ac03983a4af70483170646
                                                                                            • Instruction Fuzzy Hash: DA322C78A50205CFDB59CF24D485A9ABBB2FF89704F1581E9D9059B365DB30EC82CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310BBB8, Relevance: 1.7, APIs: 1, Instructions: 202COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0310BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 1a2951b9c43e88facf44730999c4b24311695e301ffa696fe6d301a0a197585a
                                                                                            • Instruction ID: 9694226e73a6a4a980973281b0a05519d862da00da9549da605856a7f7319378
                                                                                            • Opcode Fuzzy Hash: 1a2951b9c43e88facf44730999c4b24311695e301ffa696fe6d301a0a197585a
                                                                                            • Instruction Fuzzy Hash: A0715470A04B058FD724DF2AC55079ABBF5FF88214F048A2ED496DBB80DB75E8458F91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310DBE0, Relevance: 1.7, APIs: 1, Instructions: 165COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0310DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 64d9e238854b44d1d76b9a6c28470bae7fd7dd31c7564f22162fbf9e81c33a72
                                                                                            • Instruction ID: 7f527a16dae62d84ec20afd88563c8b7153672ecfb98f423314941b20f4cbacd
                                                                                            • Opcode Fuzzy Hash: 64d9e238854b44d1d76b9a6c28470bae7fd7dd31c7564f22162fbf9e81c33a72
                                                                                            • Instruction Fuzzy Hash: 616125B2C04348AFCF11CFA9D980ADEBFB1BF49314F19815AE818AB261D7719985CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310B224, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0310DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 3bd42a6206be84f3c83091a9e71e359c5dd11b6c07886bfcee77538b3d8ebc81
                                                                                            • Instruction ID: c768aa7cf7188d7264814e01e9198cf5d425ad3517ef90a4418a40487fb2dc1e
                                                                                            • Opcode Fuzzy Hash: 3bd42a6206be84f3c83091a9e71e359c5dd11b6c07886bfcee77538b3d8ebc81
                                                                                            • Instruction Fuzzy Hash: 8C51B0B1D00349EFDF14CF99D984ADEBBB5BF48314F24812AE819AB250D7B49985CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03106D41, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03106E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: bcca08afac1da1e880120522b16cbbabc493653722bbee97e1ab92079f5df788
                                                                                            • Instruction ID: 3dad942e9a0667077d34b32b735b4cf1695b3ae5921e06c0b27f3471456947bd
                                                                                            • Opcode Fuzzy Hash: bcca08afac1da1e880120522b16cbbabc493653722bbee97e1ab92079f5df788
                                                                                            • Instruction Fuzzy Hash: AF414876900258AFCB10CF99D884ADEBFF9FB48324F04801AE954A7351D775A964DFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03106DB0, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03106E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 3eec603de996e4162806472681f66ab2013a8b452617f932d94ca27f91dce02e
                                                                                            • Instruction ID: 0fd93e4a787dca648d138e78e7987d143d9601d99d844a3fd9bb9c51b50968f5
                                                                                            • Opcode Fuzzy Hash: 3eec603de996e4162806472681f66ab2013a8b452617f932d94ca27f91dce02e
                                                                                            • Instruction Fuzzy Hash: 9021D2B5900208AFDB10CFAAD984ADEBBF8EB48324F14841AE914A7351D774A954CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03106DB8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03106E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 57693f2dd4d52dfbd8b95b83ed32ca1430c5c9f86b94e8bf1fb45bea24c8d76e
                                                                                            • Instruction ID: 114bbb08e9d95c9403fbc1715b44e4be77cc15fec68459837b29cc48850c4746
                                                                                            • Opcode Fuzzy Hash: 57693f2dd4d52dfbd8b95b83ed32ca1430c5c9f86b94e8bf1fb45bea24c8d76e
                                                                                            • Instruction Fuzzy Hash: 2121C4B59002089FDB10CFAAD584ADEBBF8EB48324F14841AE914A7350D774A954CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310B0E8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0310BE89,00000800,00000000,00000000), ref: 0310C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: ca468b30c1073e7e8e52a6592818a71ef67cedff0badfc7a55c42a13d2da0f4d
                                                                                            • Instruction ID: e1a436f9a433f9dfdcc5f39eab2d1cb060c79e850c243295d0add8d66b4884a5
                                                                                            • Opcode Fuzzy Hash: ca468b30c1073e7e8e52a6592818a71ef67cedff0badfc7a55c42a13d2da0f4d
                                                                                            • Instruction Fuzzy Hash: 6D1103B6D002089FDB10CF9AD544BDEFBF4EB88364F04852AE915BB240C3B5A945CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310C028, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0310BE89,00000800,00000000,00000000), ref: 0310C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: 9819d7202c594aa3712785fd1d83fd9f96919f1c6748dd0ba799fa1a12afc730
                                                                                            • Instruction ID: 8e20059beaad24c0e5e559a7296e1236d384f341237b9b85470a35a9f1093099
                                                                                            • Opcode Fuzzy Hash: 9819d7202c594aa3712785fd1d83fd9f96919f1c6748dd0ba799fa1a12afc730
                                                                                            • Instruction Fuzzy Hash: 7D1114B6D002098FDB10CF9AD544BDEFBF4EB48324F14851AD515BB640C375A949CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310BDA8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0310BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 0d6a8ec606d9086a1bdf21e7c60d57188e1cb7345f32107486c2ac1a2e7f9590
                                                                                            • Instruction ID: 18a028916140bd6e1ccfd807f1b2826784e178c612aeea76744016324771a0b3
                                                                                            • Opcode Fuzzy Hash: 0d6a8ec606d9086a1bdf21e7c60d57188e1cb7345f32107486c2ac1a2e7f9590
                                                                                            • Instruction Fuzzy Hash: 2D1110B5D002498FCB10CF9AD444BDEFBF4EF88228F14841AD929A7340D374A545CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310DEB9, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 0310DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 0c0c39ed79d554dff3dc38f2df23d389cddf2b6e112281828db28bc0d1448db4
                                                                                            • Instruction ID: 752bd62245d444c9c47e6975c5a2dcf91b8b837e5b1e0fe81833ba70d9c9edc1
                                                                                            • Opcode Fuzzy Hash: 0c0c39ed79d554dff3dc38f2df23d389cddf2b6e112281828db28bc0d1448db4
                                                                                            • Instruction Fuzzy Hash: D91100B99002088FDB10CF99D685BDEBBF8EF48324F14840AE919B7740C375AA45CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310DEC0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 0310DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 95829e77290ea35708655cadbf749a0dab3fd6d843e9ae4ad3fe7c73a62edb07
                                                                                            • Instruction ID: 5a2287e83a380092a0792700ccb56da3683d25d59908693eadc0f93bf9e3405e
                                                                                            • Opcode Fuzzy Hash: 95829e77290ea35708655cadbf749a0dab3fd6d843e9ae4ad3fe7c73a62edb07
                                                                                            • Instruction Fuzzy Hash: 5A11E2B59002099FDB10DF9AD584BDEFBF8EF88324F14841AE955A7740D374A944CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07869E58, Relevance: .3, Instructions: 287COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8013e9aa859d43f3d33bcb59dde3a5877db09a1c5f1c6925b99b3275d25fff7a
                                                                                            • Instruction ID: 420c1f8888016f09a5de340b61164ea1f3989bf385a0650a17c88795c12247f9
                                                                                            • Opcode Fuzzy Hash: 8013e9aa859d43f3d33bcb59dde3a5877db09a1c5f1c6925b99b3275d25fff7a
                                                                                            • Instruction Fuzzy Hash: C8A1246150E3C05FC30BAB7C98B48993FB1AE13114B0A49DBC1C6CF1A3D6299D59D7A7
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07868798, Relevance: .2, Instructions: 190COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0b4ff062675c18723f6bcb4b5c668a04933d2402d91ae397c391f9bcf7397289
                                                                                            • Instruction ID: fbcc71c5fc8cbe2930d81cfdae00e5fd81a76a4101b568e6b341a4fa260f4eb8
                                                                                            • Opcode Fuzzy Hash: 0b4ff062675c18723f6bcb4b5c668a04933d2402d91ae397c391f9bcf7397289
                                                                                            • Instruction Fuzzy Hash: 7B61D4B5E002199FCF14DFB484592AEBAB6BF94658F200969C50AF7380EF359D05CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866B78, Relevance: .2, Instructions: 156COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9bf890c57788027b1e9c44ce758bd2e011175cae36860b997ac9bc4c16b16f3c
                                                                                            • Instruction ID: 3e88be4923ef4f4a4b43c676614a061747f78643513517392d706a72a7d362c2
                                                                                            • Opcode Fuzzy Hash: 9bf890c57788027b1e9c44ce758bd2e011175cae36860b997ac9bc4c16b16f3c
                                                                                            • Instruction Fuzzy Hash: D051D275B002468FCB11EBB9D8484BFBBB6EFC92247148569E429DB391EF309C058791
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866118, Relevance: .2, Instructions: 152COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a47ff007b660a3676d14934075f3265091efedad321b78529b52bff13f45f4a5
                                                                                            • Instruction ID: 97564594f7caa7f25a763ec2b69a578212a8fc92cf599a21ac26959fdd0c2232
                                                                                            • Opcode Fuzzy Hash: a47ff007b660a3676d14934075f3265091efedad321b78529b52bff13f45f4a5
                                                                                            • Instruction Fuzzy Hash: 8551F2B4E00249DBDB04DFE9D8896EEBBF6BF99304F108429D405EB384EB745945CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0649FC92, Relevance: .1, Instructions: 133COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 18e22d88ccbe0fd09d677a92314a0ff95a021fcf2298bfc7adb5df8f1c23bb54
                                                                                            • Instruction ID: cbdc0fd57c469010821e5eb542d59881c82d75dba1a8c89fe500547cf245f055
                                                                                            • Opcode Fuzzy Hash: 18e22d88ccbe0fd09d677a92314a0ff95a021fcf2298bfc7adb5df8f1c23bb54
                                                                                            • Instruction Fuzzy Hash: 9041E42428E3D00FE747A37149652957F729B5B658B1E81CFC085DF2E3CA9E480BC7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 064914B3, Relevance: .1, Instructions: 109COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 06f7bf0ab84d663050c253810c12b6514226ceffb242207b50e6b5b024be3e4a
                                                                                            • Instruction ID: 8242f003804246fcb7d156ad05e406b0615501f6c8e2c972f31caee540370fb2
                                                                                            • Opcode Fuzzy Hash: 06f7bf0ab84d663050c253810c12b6514226ceffb242207b50e6b5b024be3e4a
                                                                                            • Instruction Fuzzy Hash: 82412971E5020A9FCF55CFA9D884AAEBBF5BF48214F14842AE416E7350DB30D941CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06492EE8, Relevance: .1, Instructions: 85COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7f6f2887adb2b0b61170a8a743719c237ec1b6dc294ff8f395383e6cd7c7f04d
                                                                                            • Instruction ID: 24e1372ef28a1e272907992c954990735fa1511bf92ebfa6b370c0e1745a3898
                                                                                            • Opcode Fuzzy Hash: 7f6f2887adb2b0b61170a8a743719c237ec1b6dc294ff8f395383e6cd7c7f04d
                                                                                            • Instruction Fuzzy Hash: 7A31F572E50216BFDFA5CB6998446BFBFB6FB44218F00412AE82597284C7705E44DBE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06492ECE, Relevance: .1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4860513583d74afd823b1cac29a13244b47e9c74a7a54c8b2f19ce491f28e1c4
                                                                                            • Instruction ID: 09932d94f1cc0f0bc2b4932d2dc16d1824d53f28c499eb12396137e0fb254e68
                                                                                            • Opcode Fuzzy Hash: 4860513583d74afd823b1cac29a13244b47e9c74a7a54c8b2f19ce491f28e1c4
                                                                                            • Instruction Fuzzy Hash: 30315132E54246BFDF96CB3898446BBBFB2FB45218F0040ABE454D7285C7749A44DBE2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786B8C8, Relevance: .1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f8a97ae7a32b6e4f7729b7bb5595aa140a7f4a27cc8549103b9a1b5947186b03
                                                                                            • Instruction ID: 9824f48855b87d2816fc353b0d7240ea06a87f419d3779ac1f1f143de993b2f1
                                                                                            • Opcode Fuzzy Hash: f8a97ae7a32b6e4f7729b7bb5595aa140a7f4a27cc8549103b9a1b5947186b03
                                                                                            • Instruction Fuzzy Hash: B931B7B4E052099FCB44CFA9C581AAEBBF2EF89304F20956AC419E7714E7789A41CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786BE11, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 79a97896efa206bfb805555cca5124674163f9f1a38bf75dc49379829ce29208
                                                                                            • Instruction ID: c1a7022e7d971418cc25b3ab88493c54371aed241741e6674b4955d9bafe4c5a
                                                                                            • Opcode Fuzzy Hash: 79a97896efa206bfb805555cca5124674163f9f1a38bf75dc49379829ce29208
                                                                                            • Instruction Fuzzy Hash: ED314AB4E14209DFCB08CFA9D554AAEBFB2BB89200F24C5AAC515E7314D7389A01CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD4D8, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70ce84dc1e3453a8b8b1ddaa3c77313a59d05e1d85220784ecc4973d6c998424
                                                                                            • Instruction ID: 0d3424a81b2ad251703484fa94751b2f48f90f6f42ae2c43489c1a44292931a2
                                                                                            • Opcode Fuzzy Hash: 70ce84dc1e3453a8b8b1ddaa3c77313a59d05e1d85220784ecc4973d6c998424
                                                                                            • Instruction Fuzzy Hash: 2A2133B1544200DFCB01EF94D9C4B1EBFB5FB8C328F648969E9450F606C336D846CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD124, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 61f7dbade0f579610aacd74d6b58c4dee251bd7b0e7f030736e84775da851bb4
                                                                                            • Instruction ID: 518dc0f8a8edb42e5d3e2a2d23e535da1bfa403c13c016d0d1cd8a2058434810
                                                                                            • Opcode Fuzzy Hash: 61f7dbade0f579610aacd74d6b58c4dee251bd7b0e7f030736e84775da851bb4
                                                                                            • Instruction Fuzzy Hash: 722128B5544244DFDB01EF94D8C0B2EBFB5FB88324F648969E9050F646C336E846C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015BD01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210863125.00000000015BD000.00000040.00000001.sdmp, Offset: 015BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ce27b18355d22f0862d228ce83c44732d8161929725b78e484e3579d2585464a
                                                                                            • Instruction ID: 7b0f4314f8fecdb994fe99bba1a661decab7375833038e15086937ef1c3dd4ce
                                                                                            • Opcode Fuzzy Hash: ce27b18355d22f0862d228ce83c44732d8161929725b78e484e3579d2585464a
                                                                                            • Instruction Fuzzy Hash: DA212575504248DFCB15CF94D4C4B5ABBB5FB88358F24C96DE8094F246D33BD846CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015BD32C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210863125.00000000015BD000.00000040.00000001.sdmp, Offset: 015BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b3df542932454dac151f64385f862413bb003eaee38d389572ae79ce9acc16ac
                                                                                            • Instruction ID: 5e84cfa043cedb6934c37ca9c979dc65e9358c5576fbab4f8d0a319ba44da036
                                                                                            • Opcode Fuzzy Hash: b3df542932454dac151f64385f862413bb003eaee38d389572ae79ce9acc16ac
                                                                                            • Instruction Fuzzy Hash: 162122B5504244DFCB01CF94D4C0BAABBB5FB88328F24C96DE90A4F247C33AD846CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786B9F1, Relevance: .1, Instructions: 71COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7a5d42e3f892129b726dccac7d05eb64ae7adb0bcf92a69d981e67fc6b064f9e
                                                                                            • Instruction ID: e5a3b6bd3d76d09580c7fd96bc7084972e30330616ab621e9c70b44d58b6d625
                                                                                            • Opcode Fuzzy Hash: 7a5d42e3f892129b726dccac7d05eb64ae7adb0bcf92a69d981e67fc6b064f9e
                                                                                            • Instruction Fuzzy Hash: D821F8B0E152099FCB45DFA9C5446AEBBF1BF89204F24C5A6C518E7214E7349A418B51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786BE20, Relevance: .1, Instructions: 70COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5424ef75c64f9b5b8075f769af1d8e3846f5752625979722d2cdf47064d4b8e4
                                                                                            • Instruction ID: 35fa6385f279143f5dae382919a588bccacf23c9974ade2bfffcc85d61afedf7
                                                                                            • Opcode Fuzzy Hash: 5424ef75c64f9b5b8075f769af1d8e3846f5752625979722d2cdf47064d4b8e4
                                                                                            • Instruction Fuzzy Hash: F1212AB4E14209DFCB48CFA9D5449AEBBB2FB89305F20D56AC519E7314D778AA01CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866D1C, Relevance: .1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: df15664e4780dd3283c41e3323b97be4bcb17109068c63d9d54a1f92ba11ed53
                                                                                            • Instruction ID: f353b9ae74ee5af978c6ea2d03a8f196fd77eb54d5f32231bd742cfee9141355
                                                                                            • Opcode Fuzzy Hash: df15664e4780dd3283c41e3323b97be4bcb17109068c63d9d54a1f92ba11ed53
                                                                                            • Instruction Fuzzy Hash: A931E3B4D01258AFDB20CFA9C5887DEBFF4BB58318F24842AE404BB250D7755949CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 064963F4, Relevance: .1, Instructions: 65COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ecac07f43c16251d724df5bbfdf0b9b9aadae509e8031831be7990321b21903c
                                                                                            • Instruction ID: 5154f86d79b4069c9bbdc0720b4225dc981d24d25e08ce8923649e7ac1a08062
                                                                                            • Opcode Fuzzy Hash: ecac07f43c16251d724df5bbfdf0b9b9aadae509e8031831be7990321b21903c
                                                                                            • Instruction Fuzzy Hash: 1311BC383803244BEE99BB6984647AF3696ABC8B00F00441EE5169B3C5CFE59C4687E2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866D28, Relevance: .1, Instructions: 64COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 71b64d6cd58af00da52573c607605c19fb5b95774175c53480ee45c74a5a4871
                                                                                            • Instruction ID: 04f7fdec7daecdf12e54cda34e9466363c2d87e99f6784b7413a1f38808d2642
                                                                                            • Opcode Fuzzy Hash: 71b64d6cd58af00da52573c607605c19fb5b95774175c53480ee45c74a5a4871
                                                                                            • Instruction Fuzzy Hash: 1521BFB4D01258AFDB20CF99C588BDEBBF4AB58318F248429E504BB350D7B55949CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015BD006, Relevance: .1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210863125.00000000015BD000.00000040.00000001.sdmp, Offset: 015BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 217ff1286e6d5bb6bf1274197ef01b0e51794cd88b46801fbd83252d19b532af
                                                                                            • Instruction ID: 25e1970f09316ae073145f076ada06c426a4ee5b7f041dceb4ab65f6379bae3a
                                                                                            • Opcode Fuzzy Hash: 217ff1286e6d5bb6bf1274197ef01b0e51794cd88b46801fbd83252d19b532af
                                                                                            • Instruction Fuzzy Hash: 7A2180755093848FCB02CF24D5D4755BF71FB46214F28C5DAD8498F657C33A984ACB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866690, Relevance: .1, Instructions: 58COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 34c9c3b13f33f1ed6f6a892203820faca5d45ce318d7b3a4e02b9677b841e4e9
                                                                                            • Instruction ID: d88096793c2018777223f9fe75f8c6f8496d4eef0b8287632692d6358a4230b1
                                                                                            • Opcode Fuzzy Hash: 34c9c3b13f33f1ed6f6a892203820faca5d45ce318d7b3a4e02b9677b841e4e9
                                                                                            • Instruction Fuzzy Hash: 11118C75B002598B8B14EFF998142EEB6B6EF84205B20013AC509E7340EB319D0ACBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786D5D8, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6a99df5b0f411f7dc83fdb2c3441de3f4d58347a6216d93db98509f0cf574f09
                                                                                            • Instruction ID: cfdb9cbba1b3fe983f4bd513126d12abcff96371709e0ae44e803a131b269f05
                                                                                            • Opcode Fuzzy Hash: 6a99df5b0f411f7dc83fdb2c3441de3f4d58347a6216d93db98509f0cf574f09
                                                                                            • Instruction Fuzzy Hash: 5611E4B4F01108EFCB48DFA9C588A9DFBF6AF89204F15C5A6D418EB224D770DA50CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD11F, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0d8a9d817077d39d9fad6da2ff2e5526acd16db30dd6086573c8171f784580f2
                                                                                            • Instruction ID: c975d54c539a037cf2d49d4046cffdcc0c9cce9c3e2b51d2f24bab8435b69759
                                                                                            • Opcode Fuzzy Hash: 0d8a9d817077d39d9fad6da2ff2e5526acd16db30dd6086573c8171f784580f2
                                                                                            • Instruction Fuzzy Hash: B611B176444284DFCB12DF54D9C4B1ABF71FB84324F2486AAD8450FA56C336E45ACBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD4D3, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0d8a9d817077d39d9fad6da2ff2e5526acd16db30dd6086573c8171f784580f2
                                                                                            • Instruction ID: 5e273f04288c6a9a5e1c41c2ba47a001d4f92537ef550434a818da9269bc8767
                                                                                            • Opcode Fuzzy Hash: 0d8a9d817077d39d9fad6da2ff2e5526acd16db30dd6086573c8171f784580f2
                                                                                            • Instruction Fuzzy Hash: 80110376444280CFCB02DF44D5C4B1ABF71FB88324F2486A9D8450F616C33AD45ACBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06492B61, Relevance: .1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 06bcb779c4e1dcbc9e52b5acf3bd925546dc0ef7bd9f9cdb76600910c5342bbf
                                                                                            • Instruction ID: 6f4dbe744a14bcffa67638cb075e6b22929adc7c8566dc7db6fbcbe4b7c2f4e0
                                                                                            • Opcode Fuzzy Hash: 06bcb779c4e1dcbc9e52b5acf3bd925546dc0ef7bd9f9cdb76600910c5342bbf
                                                                                            • Instruction Fuzzy Hash: C011E330A50158AFDF999FA4D4147EF7EB6EBCC214F24442DC401BB380DBB45949CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015BD327, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210863125.00000000015BD000.00000040.00000001.sdmp, Offset: 015BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 17adf84bf3d986228e54cd171d4c143f67dded3a97ef0c4bc82ee09b3a791334
                                                                                            • Instruction ID: a53f2ba7526cfa61cd5c0b084d465998dfd557259a34ce09d3fc7079e7bbbec0
                                                                                            • Opcode Fuzzy Hash: 17adf84bf3d986228e54cd171d4c143f67dded3a97ef0c4bc82ee09b3a791334
                                                                                            • Instruction Fuzzy Hash: 9811A975504284DFCB02CF54D5C4B5ABFB1FB84228F28C6AAD8494B656C33AD44ACB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06492B70, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e3313a16714a30d1e57f6160ecc0291f656af8309ced33fb20cbbf0450faba96
                                                                                            • Instruction ID: 8dc01f50ee9562f9a27af59295178f531d3bbd4746ec21eef6dcab4f239e77a8
                                                                                            • Opcode Fuzzy Hash: e3313a16714a30d1e57f6160ecc0291f656af8309ced33fb20cbbf0450faba96
                                                                                            • Instruction Fuzzy Hash: 5411C230B50218AFDB589EA4C8547EF7AB6EB8C314F24442DC002BB380CFB45949CBA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866E2C, Relevance: .0, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aee308713c852035d738adc200c4c07431d23d4174d73f3c07dfb261f31104b1
                                                                                            • Instruction ID: 3fa89aa9b1675351602d8f52d1fcf100ab98104e27462442adbc02e825e4fa88
                                                                                            • Opcode Fuzzy Hash: aee308713c852035d738adc200c4c07431d23d4174d73f3c07dfb261f31104b1
                                                                                            • Instruction Fuzzy Hash: 29113CB5900249EFDB11CF5AC5487DABFF5AF49360F24C169E818AB290D7718980CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD811, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5a77ad750b5cc372bfc3ad2c298eec7e4baadc82a97fe16b3ebfa355e6e7e65b
                                                                                            • Instruction ID: bb95021dc4c50477430752beec45b928db68493ecadc04d967584ab3e4737991
                                                                                            • Opcode Fuzzy Hash: 5a77ad750b5cc372bfc3ad2c298eec7e4baadc82a97fe16b3ebfa355e6e7e65b
                                                                                            • Instruction Fuzzy Hash: A601F771848345AAE7105A59CC8476FBBE8FF40278F088819EE0C5F643D7759844C6B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866E38, Relevance: .0, Instructions: 41COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 649bed1b93b52916c2b279eca7078a1abe9597d0119e2fd03f472ee47e26028a
                                                                                            • Instruction ID: 3d82eed88f08f4984ea75c1a72463a934977bd46838db0d3b3baa61235aecfae
                                                                                            • Opcode Fuzzy Hash: 649bed1b93b52916c2b279eca7078a1abe9597d0119e2fd03f472ee47e26028a
                                                                                            • Instruction Fuzzy Hash: 3101EDB4A00249EFDB14CF9AC54879EBEF5FB49360F24C169E818AB290D7758984CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786717B, Relevance: .0, Instructions: 40COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 60f5d993379b75e162e7a19f005b0fe6018c40d98917afb8dbd60a93002783d0
                                                                                            • Instruction ID: 865455cdad0c7e69f6368e90de1ecea00d250169ea43f019f28f2fbc1de65ff5
                                                                                            • Opcode Fuzzy Hash: 60f5d993379b75e162e7a19f005b0fe6018c40d98917afb8dbd60a93002783d0
                                                                                            • Instruction Fuzzy Hash: D8F090727082A55F9301966D9C848ABBFE9EFCA17435542AAF958CB392CA208C01C3A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078670DC, Relevance: .0, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dbb286675bd0edbe6bde9d9049b039c2127a4d2f91d7002367b5c74c39e03548
                                                                                            • Instruction ID: 1a49b116789f3124d2b5e982450e64c547a7a87bbac593386dd959718f1fba62
                                                                                            • Opcode Fuzzy Hash: dbb286675bd0edbe6bde9d9049b039c2127a4d2f91d7002367b5c74c39e03548
                                                                                            • Instruction Fuzzy Hash: DF011EF080021AEFDB14CF65C8087AEBBF1BF45314F148616E814EA294D7744A44CFD0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A128, Relevance: .0, Instructions: 37COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b2d29aaa931a7e2fbf541ec9abe1ff5262d0b7ecf8d69a244728f8c8505439ca
                                                                                            • Instruction ID: 03096e619312601d0fcc40def866a0461fb40b1f048cc6f4d05cefb9131ed11c
                                                                                            • Opcode Fuzzy Hash: b2d29aaa931a7e2fbf541ec9abe1ff5262d0b7ecf8d69a244728f8c8505439ca
                                                                                            • Instruction Fuzzy Hash: DBF0A4B8A15208EFC70DDFB4D54D25DBFB7EB85201F10C465C90AE7214E7744A51C746
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 015AD810, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.210842940.00000000015AD000.00000040.00000001.sdmp, Offset: 015AD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: daee9dbdd158ccb4943d9b4794b46f66364b7e4b6a0d7c6522c87dbc4f875780
                                                                                            • Instruction ID: fda2c150aeffa4fbd363400dbfdf3039bb33c8673d4f1e7c618e622b7f161e0b
                                                                                            • Opcode Fuzzy Hash: daee9dbdd158ccb4943d9b4794b46f66364b7e4b6a0d7c6522c87dbc4f875780
                                                                                            • Instruction Fuzzy Hash: 1EF06871804344AAE7158A19DDC476AFFA8EB41778F18C45AED085F642D3759844CAB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078670E8, Relevance: .0, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6f2bcb48a000a0e1ce8ce7d16452f5126b4f68a1d21879d2bbc8daff63cb9e48
                                                                                            • Instruction ID: 45284f2110910f00d979c6399fc827635865c6599854d59fa53466bbcb437433
                                                                                            • Opcode Fuzzy Hash: 6f2bcb48a000a0e1ce8ce7d16452f5126b4f68a1d21879d2bbc8daff63cb9e48
                                                                                            • Instruction Fuzzy Hash: C501ACF0800219EFDB15DF65C8087AE7AF5BF45364F148626E424EA294D7744A44CFD1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07867188, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1684c3b2eb14cf686236287d83d4895465329e490f7de1ae152e2fd7f0b36b40
                                                                                            • Instruction ID: 386a2903f4b97caad23fe2350548242278afef77e3742b592bf2bb0b1d4f9753
                                                                                            • Opcode Fuzzy Hash: 1684c3b2eb14cf686236287d83d4895465329e490f7de1ae152e2fd7f0b36b40
                                                                                            • Instruction Fuzzy Hash: CFE03972B001286F5304DAAED888C6BBBEEEBCD664351817AF609CB310DA309C0186A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078660D1, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a795274ba60b3c6daa0c26f3999d0afe8e10b4600a50b119afaf0d80af2d0f1b
                                                                                            • Instruction ID: 6f62aeedcaa2fc7fe4cbce95353989d339799ef856dff86f9bdae9981e5a5851
                                                                                            • Opcode Fuzzy Hash: a795274ba60b3c6daa0c26f3999d0afe8e10b4600a50b119afaf0d80af2d0f1b
                                                                                            • Instruction Fuzzy Hash: 72F05E74A1A24CEFCB11DFB8A44569CBFF49B06115F1001F6D848E3241E6354E48C792
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A5B0, Relevance: .0, Instructions: 31COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a9251578d0bd225152e06bf8aee9b35b33f61f820b0b6a5a08c8903224725dbf
                                                                                            • Instruction ID: d52183dd52e29a5d2f9d5ebd2b2290c61d31a6234411aa393a0364c95ba83db4
                                                                                            • Opcode Fuzzy Hash: a9251578d0bd225152e06bf8aee9b35b33f61f820b0b6a5a08c8903224725dbf
                                                                                            • Instruction Fuzzy Hash: D6012874A402199FDB94DFA4D944B9DB7B2FF89204F008599D00DBB320CB309E88CF21
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06491ED0, Relevance: .0, Instructions: 30COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 17a92577a796c221d912ae9bbe9adc516ab502ca4bd2552be624c38b16625a7e
                                                                                            • Instruction ID: 5fb906d4bd3c719177e47bc52ddc477971039e3e303e2058695dad0de45b0007
                                                                                            • Opcode Fuzzy Hash: 17a92577a796c221d912ae9bbe9adc516ab502ca4bd2552be624c38b16625a7e
                                                                                            • Instruction Fuzzy Hash: 99E0923634125502CF26627AA44967B6B9EABC0265B18403BDC4987746CEA5D843A3A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A26E, Relevance: .0, Instructions: 30COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 53645935cbad50f9f992d3d3aea8eb7daf45210735a0b57725dddf8a4e6ca663
                                                                                            • Instruction ID: 39ae1c8ffbe2cd121c6947e2599069ba89ef3871e2209e42a59d39507e4b912c
                                                                                            • Opcode Fuzzy Hash: 53645935cbad50f9f992d3d3aea8eb7daf45210735a0b57725dddf8a4e6ca663
                                                                                            • Instruction Fuzzy Hash: 6BF03174E052289FCB58CBA8C884B9DB7B2EF99200F10D4A6D10AB7304DA304D958F22
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0649305B, Relevance: .0, Instructions: 28COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f02ed3ede3ab050f9fb825a6883a70c0db30a313cc2cc6fc9bf7938cd6e7fe60
                                                                                            • Instruction ID: ec02e1a9a300b8deee75b8ac52b113aebb7530b8eb64ddbb511f0e8b76cfdd39
                                                                                            • Opcode Fuzzy Hash: f02ed3ede3ab050f9fb825a6883a70c0db30a313cc2cc6fc9bf7938cd6e7fe60
                                                                                            • Instruction Fuzzy Hash: B7F030316147014BC360DB1CE48064B77F2FBC1318B458E2D9096CB610DB71AD4A8B81
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786188D, Relevance: .0, Instructions: 28COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 63ace6537eb63f4f44ddaf6ce65271520efd4b2633b25e959374bde352b45e87
                                                                                            • Instruction ID: 0d02d55dd30ec8594ba66caf6fff4673a223d192d927e033be14b6f6c95b69b5
                                                                                            • Opcode Fuzzy Hash: 63ace6537eb63f4f44ddaf6ce65271520efd4b2633b25e959374bde352b45e87
                                                                                            • Instruction Fuzzy Hash: 6F0140B895526EDFEB60DF14D989F98B7B1BB59344F0095E6D40DE3640D7349E808F10
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06492530, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5eef312fcf13ec9dc6016bdd909fc411aae1105b718cbcee0257ddcb465f5bd6
                                                                                            • Instruction ID: 7ae814b62bfd09b019a16af28b8b6a8b6c475258a6e7a76b507591918f8a101b
                                                                                            • Opcode Fuzzy Hash: 5eef312fcf13ec9dc6016bdd909fc411aae1105b718cbcee0257ddcb465f5bd6
                                                                                            • Instruction Fuzzy Hash: 5FE0D8317601109F5B94DABCE411C6737D9EB8D6703114066E10DC7714EA71ED0187D0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A0C8, Relevance: .0, Instructions: 26COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0a47071afd3292233cb36775f4b04e8c0d542d7c6e3a448165a21e8ab42b4753
                                                                                            • Instruction ID: 424eca35570fb1fd70c4b5ad693f85b48ce7b85737e7e0a1988c529c93e0e2e7
                                                                                            • Opcode Fuzzy Hash: 0a47071afd3292233cb36775f4b04e8c0d542d7c6e3a448165a21e8ab42b4753
                                                                                            • Instruction Fuzzy Hash: 22F058B4D09348EFCB09DFB894046ACBFB4AB16204F1080AAD848A3245D7384A94DF82
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06491EC0, Relevance: .0, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 823e7d899bc4e3efd546418d08a8159b9727cc8b5b928740db6adf96415da530
                                                                                            • Instruction ID: b023f7af414281add83b8e654b03a8eb0e48aca162bd3e3f08f9930b40b56406
                                                                                            • Opcode Fuzzy Hash: 823e7d899bc4e3efd546418d08a8159b9727cc8b5b928740db6adf96415da530
                                                                                            • Instruction Fuzzy Hash: F9E0DF2260A3C506CF26527A5C046AB6F6A8BC2564F08406BDC49C7743CDA5C80297A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078683D0, Relevance: .0, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bcf77b87a460e7984941a7be52b63c12aa586ab2c6b02af32be9a9a209bc2cf7
                                                                                            • Instruction ID: c17d78d45918e3baa4a82563386a097cb32cbc9dc1c70ec6eed9a904c3fe41dd
                                                                                            • Opcode Fuzzy Hash: bcf77b87a460e7984941a7be52b63c12aa586ab2c6b02af32be9a9a209bc2cf7
                                                                                            • Instruction Fuzzy Hash: 37E09AB084530DEFC700EFA8C58A39ABFF4AB04204F2004A8D808A3240EB745AA8DA80
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786C2EE, Relevance: .0, Instructions: 23COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 389154e93e66e3475d7a1f0215e87971a7a9c27f7680e100a9f758d464f68bec
                                                                                            • Instruction ID: e751e25788df6b6930f437b2c2d78c9467dac909e75c3636c7786f92a5cabba3
                                                                                            • Opcode Fuzzy Hash: 389154e93e66e3475d7a1f0215e87971a7a9c27f7680e100a9f758d464f68bec
                                                                                            • Instruction Fuzzy Hash: E2F07FB5E0521CCFCB55CFA8C985ADDBBB1BF48310F1081959449AB315D234AE95CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A0D8, Relevance: .0, Instructions: 22COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 64147f0c105f397ca268bec1a9d5ce349b084d60f370ffc4a8c4404db0fb95bf
                                                                                            • Instruction ID: 7279732ef36a31fbc65d7c845d27262de1f357338f6e52df514325cea8022669
                                                                                            • Opcode Fuzzy Hash: 64147f0c105f397ca268bec1a9d5ce349b084d60f370ffc4a8c4404db0fb95bf
                                                                                            • Instruction Fuzzy Hash: EDE0E5B4D0520CEFCB18EFB8D44569DBBB5AB59305F20C4A9D808B3344D7355A94DF82
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06491E78, Relevance: .0, Instructions: 21COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cf7ade623e88edf6dedf84ac69e5e2f3f97d3331d750b06e40f6a0c462c656e5
                                                                                            • Instruction ID: 8928357be4fa0ad673191a94beb35c59530dfabe5266a5c7be6a02567cc0a705
                                                                                            • Opcode Fuzzy Hash: cf7ade623e88edf6dedf84ac69e5e2f3f97d3331d750b06e40f6a0c462c656e5
                                                                                            • Instruction Fuzzy Hash: EEE09AB090824CABCB40DFA8A905AADBBF4EE46208F1085EADC09E7291DB315E009780
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786C52F, Relevance: .0, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cfaa664ec73d0cadac5f7a1ebef7b87a30e72c535a49a6af6dde3e0762006a9d
                                                                                            • Instruction ID: 4a71252e1ae308ee7773c7b31cb4472405053bb95fa49b47517afb923ff2fa40
                                                                                            • Opcode Fuzzy Hash: cfaa664ec73d0cadac5f7a1ebef7b87a30e72c535a49a6af6dde3e0762006a9d
                                                                                            • Instruction Fuzzy Hash: ACE03278A1121A8FCB10CF98C588988BBB2FF84310F11D090D809EB218D734FA80CF20
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078660E0, Relevance: .0, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8a77939a2edab6ffe740fe404a3ff26d62afaee84cceb22fa108750e24695601
                                                                                            • Instruction ID: 8e80257e73b7a4f16840eefcff0c8e9bb72872046d8fa7820f3674a1e55ba832
                                                                                            • Opcode Fuzzy Hash: 8a77939a2edab6ffe740fe404a3ff26d62afaee84cceb22fa108750e24695601
                                                                                            • Instruction Fuzzy Hash: 13E0ECB4A5520CEFCB44EFB8D44A69DBFB8AB06205F1044B9CC48E3240F7715A84CA51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 06491E88, Relevance: .0, Instructions: 16COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.213097461.0000000006490000.00000040.00000001.sdmp, Offset: 06490000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5fe9c7458e32468cd2b1061b3eb01fd626d966ff30ff11a502e312bc1790dfc8
                                                                                            • Instruction ID: e268b7df675862ec50ca5153400d041e6dcccfe2016a055e8bfaf3b423416f8b
                                                                                            • Opcode Fuzzy Hash: 5fe9c7458e32468cd2b1061b3eb01fd626d966ff30ff11a502e312bc1790dfc8
                                                                                            • Instruction Fuzzy Hash: 32D01770A4020DEB8B90DFA8E94146DB7B9FB85208B5044AAD409E7210EA322F00AB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07866659, Relevance: .0, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6abc63d3be101c181b280222789d6605571c25e86e159e35c81363b99d1c3dcd
                                                                                            • Instruction ID: 331be72d8a7e94c6d2b874c5ca8ee6ec35abe5cb25c26b97a0537a080e976087
                                                                                            • Opcode Fuzzy Hash: 6abc63d3be101c181b280222789d6605571c25e86e159e35c81363b99d1c3dcd
                                                                                            • Instruction Fuzzy Hash: E3C0027900130AAFCB129B40C901F86BBE1BF55310F508066A55409070D7739438EB45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 0786F1C0, Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ?dv3
                                                                                            • API String ID: 0-6810481
                                                                                            • Opcode ID: 49454d27bc29c7c56b21651027abc52662f3d7195e962ad6ede364e5a7bda725
                                                                                            • Instruction ID: 4911e3e708365501d5e0e6127b1a35f1ad0284fb04cf677697afe4009ab213ca
                                                                                            • Opcode Fuzzy Hash: 49454d27bc29c7c56b21651027abc52662f3d7195e962ad6ede364e5a7bda725
                                                                                            • Instruction Fuzzy Hash: C47104B4E152099FCB04CFAAE6855DEFBF2BF89214F24A42AD515FB314D3309A418F64
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07860290, Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: -
                                                                                            • API String ID: 0-2547889144
                                                                                            • Opcode ID: 2c724f7e1512029247baee5183a43489e1ee8bfa047e5949a82b1f68d66c3303
                                                                                            • Instruction ID: 10642c3c0fb2fdaf870bd548dc8c7c3cb9b862a0026832b6d33af20218702dad
                                                                                            • Opcode Fuzzy Hash: 2c724f7e1512029247baee5183a43489e1ee8bfa047e5949a82b1f68d66c3303
                                                                                            • Instruction Fuzzy Hash: 934130B1E156588BEB5DCF6B8D4478AFAF7AFC9200F14C1BAC40CA6254DB700A858F11
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0310C2B0, Relevance: .5, Instructions: 520COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 434614ba823cd60e89518abee215101d10080a4dba46cc2d56b2cca6e91be291
                                                                                            • Instruction ID: dca3e0170b9598066504277877441a7449bde2bd40d8ccc15857ba7d54334bde
                                                                                            • Opcode Fuzzy Hash: 434614ba823cd60e89518abee215101d10080a4dba46cc2d56b2cca6e91be291
                                                                                            • Instruction Fuzzy Hash: 3E529EB1500702AFD738EF14E4C9199BBB2FB6A324F525208D1529F6D8D3B454EACFA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 078676F1, Relevance: .3, Instructions: 273COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e1505f96b6d2499d92bed355934c0eeae27f9362b0fd4432924b55f8a3732aab
                                                                                            • Instruction ID: 0015f5d36ea915192a137eab0d57a1e5b17d5036ffff16dfb249913e7d1afb81
                                                                                            • Opcode Fuzzy Hash: e1505f96b6d2499d92bed355934c0eeae27f9362b0fd4432924b55f8a3732aab
                                                                                            • Instruction Fuzzy Hash: 74D10934C2075A8ACB11EB65C8506DEB771FFE5200F61879AD1497B660EBB06EC9CB41
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 031099A0, Relevance: .3, Instructions: 265COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.211103317.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 914ab14796160913babfd19f3de39b6089427dd24b099637f448bd1a68512720
                                                                                            • Instruction ID: af692dc1dacf067140f4abb74ab17d366003e54c60edff92ac5915ddea09ea34
                                                                                            • Opcode Fuzzy Hash: 914ab14796160913babfd19f3de39b6089427dd24b099637f448bd1a68512720
                                                                                            • Instruction Fuzzy Hash: D8A16C36E003198FCF15DFB5C84459EBBB2FF89300B19856AE905BB261EBB1E955CB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07867700, Relevance: .3, Instructions: 264COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0f2bc939a8b829c96badc5ad9a0ae56f87e2d411254530c65e07d3a02f90ab3f
                                                                                            • Instruction ID: 5bb2f9fb8a5f48f839a5e693293a620fe588a1052382b46c3f9eac2eb7037344
                                                                                            • Opcode Fuzzy Hash: 0f2bc939a8b829c96badc5ad9a0ae56f87e2d411254530c65e07d3a02f90ab3f
                                                                                            • Instruction Fuzzy Hash: 7DD1F934C2075A8ACB11EB65C950ADEB371FFE5200F61879AD14977660FBB06EC5CB41
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786DDB8, Relevance: .2, Instructions: 190COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4725fca7e6103e0f01d4c7465c3f5cd3f7168f7697f6fff925ee32a04930378a
                                                                                            • Instruction ID: 03a4986b6f8f50b8b4dee1dea2bcfd78bf8b3d66f1b383993fd26d4f6400c8ff
                                                                                            • Opcode Fuzzy Hash: 4725fca7e6103e0f01d4c7465c3f5cd3f7168f7697f6fff925ee32a04930378a
                                                                                            • Instruction Fuzzy Hash: 2F81F0B4E15209DFCB04CFA9C58499EFBF1FF89254F148569E415EB224D334AA42CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07860007, Relevance: .2, Instructions: 169COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e2bbfa38d05a7e3ad6e2949aa44d1ee1b1f7ab18e6b52912b131dfa199ccebc
                                                                                            • Instruction ID: 29c982e28cb5a0075adcfe1689063fe8cc60728615b29d6854925b398807abdb
                                                                                            • Opcode Fuzzy Hash: 0e2bbfa38d05a7e3ad6e2949aa44d1ee1b1f7ab18e6b52912b131dfa199ccebc
                                                                                            • Instruction Fuzzy Hash: 9D61BB74A4424ACFC745EFBAD441A9EBFF2FF8A304F048869D1019B261EB784C46CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07860040, Relevance: .1, Instructions: 144COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d70db5f6acccc97cb51fa0df83b7afc11a9538e91260a2fa8f98ea82fa80a42f
                                                                                            • Instruction ID: 4eaa86e7e8d6d1633a1660465bd8a1e21faf18f6808ce207dc6bb957827408c2
                                                                                            • Opcode Fuzzy Hash: d70db5f6acccc97cb51fa0df83b7afc11a9538e91260a2fa8f98ea82fa80a42f
                                                                                            • Instruction Fuzzy Hash: 00516FB4A5420ACFC745EF6AD441A9E7BF2FBCA308F04C829D1059B260EB795C46CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786F468, Relevance: .1, Instructions: 108COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dce56d8978c42e78c4d145b464706a949002a8fe86852015c23fef9906593bb8
                                                                                            • Instruction ID: cc532e60c09a36dfb25ece063c4b89b0355d2c8e312b6b02b15ba8be38c69030
                                                                                            • Opcode Fuzzy Hash: dce56d8978c42e78c4d145b464706a949002a8fe86852015c23fef9906593bb8
                                                                                            • Instruction Fuzzy Hash: 224106B4E0520AEFCB04CFA9D5455AEFBF2BF99304F24C46AC515E7308D7349A418B94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 07860281, Relevance: .1, Instructions: 101COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6aa698fd8410a3e5a2174ca2db08a9c74dbb12f5dd73880cc63123d5183911e9
                                                                                            • Instruction ID: 621adc87650c1fd966eb8e35e8a0bbbc34def545f8c31adf3f414b05e9be5c16
                                                                                            • Opcode Fuzzy Hash: 6aa698fd8410a3e5a2174ca2db08a9c74dbb12f5dd73880cc63123d5183911e9
                                                                                            • Instruction Fuzzy Hash: 0C4153B1E156598BEB5DCF6B9C44789FAF7BFC9200F14C1BAD84CAA254DB7006858F10
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0786A1B0, Relevance: .1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.214576979.0000000007860000.00000040.00000001.sdmp, Offset: 07860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8db538b7df23acfd151022a3f9fccc00373c9a95b496198822753aea6f86733
                                                                                            • Instruction ID: ca552d71520f76f2c1043caca08906955182f44548f1661a7a32395489b46a4b
                                                                                            • Opcode Fuzzy Hash: d8db538b7df23acfd151022a3f9fccc00373c9a95b496198822753aea6f86733
                                                                                            • Instruction Fuzzy Hash: CB21C9B1E146189BEB1CCFABD84579EFBF7AFC8201F04C076D918A6218EB7405568E51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: MSBuild.exe PID: 6036 Parent PID: 5760 MSBuild.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 00CC481A, Relevance: 3.5, APIs: 2, Instructions: 455COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowLongPtrA.USER32(00000001,00000000,00000000,00000000,00000000,?), ref: 00CC497F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.465084262.0000000000CC0000.00000040.00000001.sdmp, Offset: 00CC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 1d22d4c4df87833285c9ada3fbef26ec447ad12d019a3837de8cdc58b271a952
                                                                                            • Instruction ID: e10610d00962bdc3a266ceac84b330dbc03c1bd29529254b565b2a1f6af611bc
                                                                                            • Opcode Fuzzy Hash: 1d22d4c4df87833285c9ada3fbef26ec447ad12d019a3837de8cdc58b271a952
                                                                                            • Instruction Fuzzy Hash: E4F18170E001089BEF28DBA8C4A5FADB7B2EB85714F14C429E525EF285CB35DD41DBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FCA418, Relevance: 2.3, APIs: 1, Instructions: 760libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 2645975c5e3e40217e03997bfc2e444a22d2f4fb5138cbd5d3c1cad9e1cede7d
                                                                                            • Instruction ID: 4210fe0d0dbb2f1d821349a5185c58a65a4ae3b603b813eeb67e0b1c41280249
                                                                                            • Opcode Fuzzy Hash: 2645975c5e3e40217e03997bfc2e444a22d2f4fb5138cbd5d3c1cad9e1cede7d
                                                                                            • Instruction Fuzzy Hash: CA621871E006198FCB24EF78C95569DB7F1AF89304F1085AED54AAB350EF30AE85CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0115BA18, Relevance: 1.9, APIs: 1, Instructions: 396COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466754275.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1a835b8425e2dbab7e7300efff961f046537fe7ee9eb327a52d066c79bb4630d
                                                                                            • Instruction ID: b641b06aa3fe07f42c7f9d13b1995694d702965d128cd75496dbf04655f27b86
                                                                                            • Opcode Fuzzy Hash: 1a835b8425e2dbab7e7300efff961f046537fe7ee9eb327a52d066c79bb4630d
                                                                                            • Instruction Fuzzy Hash: A3F17F30A04209CFDB58CFA9C844B9DBBF2FF84304F158159E919AB2A5DB70E945CF55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00CC84C0, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.465084262.0000000000CC0000.00000040.00000001.sdmp, Offset: 00CC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: c141ca65c5cc69b7c6ba8a96a70ea26a8acea8c531b02d14a5dd3725d6dfb100
                                                                                            • Instruction ID: 86c3b817a0f3e5d5c32686dd1e8a01a89299a5c7ee67119016dd0c0df9a71d18
                                                                                            • Opcode Fuzzy Hash: c141ca65c5cc69b7c6ba8a96a70ea26a8acea8c531b02d14a5dd3725d6dfb100
                                                                                            • Instruction Fuzzy Hash: 40611A30A103099FDB14ABB5D858BAEB7B2AF84314F20842DE416E7790DF759D49CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE6940, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 00EE69A0
                                                                                            • GetCurrentThread.KERNEL32 ref: 00EE69DD
                                                                                            • GetCurrentProcess.KERNEL32 ref: 00EE6A1A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00EE6A73
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0
                                                                                            • Opcode ID: 740f52e71a81bff62c927c7d9b65a5b44310ac3addf629834ae11cf16e99c2c7
                                                                                            • Instruction ID: 4b59746e6400886d749366c3c7a6e01d96fdabd183e57b156f34b1844ad21d28
                                                                                            • Opcode Fuzzy Hash: 740f52e71a81bff62c927c7d9b65a5b44310ac3addf629834ae11cf16e99c2c7
                                                                                            • Instruction Fuzzy Hash: 025134B0E006488FDB50CFAAD588BDEBBF0EF99318F208059E459B7350D774A944CB66
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FCC578, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: e8718ff45e9ab19fcc36c5578e043c65487d4479bf83ce6fc1cf3ad347f5160d
                                                                                            • Instruction ID: d8f5f7fd2d945fa1fa98c38e6d1114fe9db144ffd6d157f591e108d1bfacca4a
                                                                                            • Opcode Fuzzy Hash: e8718ff45e9ab19fcc36c5578e043c65487d4479bf83ce6fc1cf3ad347f5160d
                                                                                            • Instruction Fuzzy Hash: BD519331B102069BCB04EBB4D995AAEB7B6FF84304F148969E506DB352EF70DD048BA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FCC574, Relevance: 1.6, APIs: 1, Instructions: 137libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 3ba8a2dac6640fedb309744f2e86d1f6c76351a90a7479fd21f4981fde89ef02
                                                                                            • Instruction ID: 3255373fedba758cc7bfd33220ae5ecd9b851e2ac6721a70d955afb360b9eb0f
                                                                                            • Opcode Fuzzy Hash: 3ba8a2dac6640fedb309744f2e86d1f6c76351a90a7479fd21f4981fde89ef02
                                                                                            • Instruction Fuzzy Hash: D8419331B102069FCB04EBB4D945AAEB7F5EF84304F248969E516DB351EF70DD048BA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE5084, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00EE51A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 3a05118a5525719711a1755ee348bd0b67fa337ac41a7c2c5d9b6832fd250281
                                                                                            • Instruction ID: f9ec13e69353388e3ce75e9d8c631aef8d73ca7f9f4b5d25f0d8ebf66496fe14
                                                                                            • Opcode Fuzzy Hash: 3a05118a5525719711a1755ee348bd0b67fa337ac41a7c2c5d9b6832fd250281
                                                                                            • Instruction Fuzzy Hash: 2651D2B1D107489FDB14CF9AC884ADEBBB1BF88314F24812AE819AB210D7749945CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE5090, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00EE51A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: e80f39fd28b5b9537c236b234ed27c2f8511fe4316604dcc911bec4fbb41203f
                                                                                            • Instruction ID: 4bfcc27dbe92326ef4ed6e5bf90e193741a6cb02ee12364dd65079faab9ce3b4
                                                                                            • Opcode Fuzzy Hash: e80f39fd28b5b9537c236b234ed27c2f8511fe4316604dcc911bec4fbb41203f
                                                                                            • Instruction Fuzzy Hash: 3241C0B1D107489FDF14CF9AC884ADEBBB5BF88314F64812AE819BB210D7749945CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE779C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 00EE7F01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CallProcWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2714655100-0
                                                                                            • Opcode ID: 2a4ffc76480d132c9d304d13a4e5aa74d56c16d6d6b19267b4ce9c6bd723a686
                                                                                            • Instruction ID: 2063febfbf8eced4db8c8b1b143b9b72dbc04736a88030306762075e1b2e7fa0
                                                                                            • Opcode Fuzzy Hash: 2a4ffc76480d132c9d304d13a4e5aa74d56c16d6d6b19267b4ce9c6bd723a686
                                                                                            • Instruction Fuzzy Hash: 0F414EB4A04349CFDB14CF9AC448AAABBF5FF88314F148459E559A7321D774AC41CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FC2C30, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 00FC2CF1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: QueryValue
                                                                                            • String ID:
                                                                                            • API String ID: 3660427363-0
                                                                                            • Opcode ID: 1b658c5f9910f4d82f956a657adcc86315aa5d1aa78f1c4e2d331b60c008aaaa
                                                                                            • Instruction ID: 534fd3006879d9fd8ccd390c746c04c15c11849c026c2deca16936836903f86a
                                                                                            • Opcode Fuzzy Hash: 1b658c5f9910f4d82f956a657adcc86315aa5d1aa78f1c4e2d331b60c008aaaa
                                                                                            • Instruction Fuzzy Hash: 4431DDB1D012599FCB20CF9AC984ADEBBF5FF48320F15802AE819AB350C7749905CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FC2C38, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 00FC2CF1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: QueryValue
                                                                                            • String ID:
                                                                                            • API String ID: 3660427363-0
                                                                                            • Opcode ID: 35984f33a2ee85cd2b765703a3b39995545361ff872cfd468cce2f2ec252c22f
                                                                                            • Instruction ID: 3bca2b816178a7fe27eab9f0828d5629083a61e8a57ba070744cbc49ae81b968
                                                                                            • Opcode Fuzzy Hash: 35984f33a2ee85cd2b765703a3b39995545361ff872cfd468cce2f2ec252c22f
                                                                                            • Instruction Fuzzy Hash: 1131CCB1D012599FCB20CF9AC984A9EBBF5BF48310F15802AE819AB350C7749905CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FC2977, Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?), ref: 00FC2A34
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Open
                                                                                            • String ID:
                                                                                            • API String ID: 71445658-0
                                                                                            • Opcode ID: c3562c5d1b62c504e4c96a7f3a19731a61df56307bc3806f0a787a44e3149c5c
                                                                                            • Instruction ID: d9f85e03112535c5eb96174713534bc46b77664b39a45af67158394af7355c03
                                                                                            • Opcode Fuzzy Hash: c3562c5d1b62c504e4c96a7f3a19731a61df56307bc3806f0a787a44e3149c5c
                                                                                            • Instruction Fuzzy Hash: BB3101B1D002498FDB14CF99C584B8EFBF5BF48314F29816EE809AB341C7B99985CB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FC2980, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(?,00000000,?,00000001,?), ref: 00FC2A34
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Open
                                                                                            • String ID:
                                                                                            • API String ID: 71445658-0
                                                                                            • Opcode ID: 8735b79062049b657a2efc2d5ed56dcdfb53674d5e18a44387b8066c2f6f15ef
                                                                                            • Instruction ID: 567469443804bae045dffdb6a35801f78593ec8b44e5018ccdaf67882ed399db
                                                                                            • Opcode Fuzzy Hash: 8735b79062049b657a2efc2d5ed56dcdfb53674d5e18a44387b8066c2f6f15ef
                                                                                            • Instruction Fuzzy Hash: 3B31F0B1D002498FDB14CF99C684A8EFBF5BF48314F28816EE809AB341C7759985CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE6B61, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EE6BEF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 9e8127aa06977d14663e2047a0073d82fab52b256a088bfb565d467dbd011340
                                                                                            • Instruction ID: 0d380a4c2281dbb1463f1bb922e0676ed0ea128bc0d4efa20da8d4ce322bffd9
                                                                                            • Opcode Fuzzy Hash: 9e8127aa06977d14663e2047a0073d82fab52b256a088bfb565d467dbd011340
                                                                                            • Instruction Fuzzy Hash: 5D2100B59002489FDB10CFAAD984ADEFBF4EB48324F14801AE958A7310D374A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FCE7F8, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,00FCE77A), ref: 00FCE867
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: GlobalMemoryStatus
                                                                                            • String ID:
                                                                                            • API String ID: 1890195054-0
                                                                                            • Opcode ID: 59018f6d70c62432649aed34699b38b6fe023151e7194b902453e85b42a8f0ce
                                                                                            • Instruction ID: c8c3ce58e67e36037f8c0ea00eb443d93abe2f8e2593f15f90b414735ec0ee6a
                                                                                            • Opcode Fuzzy Hash: 59018f6d70c62432649aed34699b38b6fe023151e7194b902453e85b42a8f0ce
                                                                                            • Instruction Fuzzy Hash: 5B216AB1D0061A8FCB10CFA9D945BEEFBF4AF48324F15816AD414A7340D3789945CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE6B68, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EE6BEF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 0df5ceac92f45a2b67b031f3273309a5667438d0f2d6ab288d1da7338bc9f764
                                                                                            • Instruction ID: 5d278d295dca9e97e2b984279ffa856950d028e4a6cb4f638907cbfc75b76939
                                                                                            • Opcode Fuzzy Hash: 0df5ceac92f45a2b67b031f3273309a5667438d0f2d6ab288d1da7338bc9f764
                                                                                            • Instruction Fuzzy Hash: A621C2B59002489FDB10CFAAD984ADEFBF8EB48324F14841AE955B7350D774A944CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EEBDE8, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlEncodePointer.NTDLL(00000000), ref: 00EEBE72
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EncodePointer
                                                                                            • String ID:
                                                                                            • API String ID: 2118026453-0
                                                                                            • Opcode ID: 91a26bf4bae77991213ffd2d66958e667cf970197c4751747a80fda3f2fb3adc
                                                                                            • Instruction ID: 51d1fb2853c9203878a830741be761c99613351d4d53ddb1a4a80f275ac4543e
                                                                                            • Opcode Fuzzy Hash: 91a26bf4bae77991213ffd2d66958e667cf970197c4751747a80fda3f2fb3adc
                                                                                            • Instruction Fuzzy Hash: 062138B29003898FDB50DF9AD5897DBBBF4FB49314F54882DD505B7201C77869048FA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01156B14, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,01157D19,00000800), ref: 01157DAA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466754275.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: d44a988eb6c5101a2569017f397fd0730d78972aa65cd330214e2faa157c7b98
                                                                                            • Instruction ID: 9f25b32c35aaf71d2fa5f29178cbb00059acdb6ec1c4cc1f4c18b2a48a6008fd
                                                                                            • Opcode Fuzzy Hash: d44a988eb6c5101a2569017f397fd0730d78972aa65cd330214e2faa157c7b98
                                                                                            • Instruction Fuzzy Hash: 9B1106B69002088FDB14CF9AC444AEEFBF4AB88324F14841AE919B7240C374A945CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01157D39, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,01157D19,00000800), ref: 01157DAA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466754275.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: a8dacd7ad418a4c76535c90a58518272fcc7381e3f0b3781482990c66dbe0f88
                                                                                            • Instruction ID: a257dc7d91a6cfce02712222f06991a792ba3ec4a5b652a3124cdc2ade8e8b4f
                                                                                            • Opcode Fuzzy Hash: a8dacd7ad418a4c76535c90a58518272fcc7381e3f0b3781482990c66dbe0f88
                                                                                            • Instruction Fuzzy Hash: 5C1106B69002488FDB14CFAAC884BEEFBF4AF89314F14852ED959A7640C374A545CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00FC42E0, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,00FCE77A), ref: 00FCE867
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466691369.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: GlobalMemoryStatus
                                                                                            • String ID:
                                                                                            • API String ID: 1890195054-0
                                                                                            • Opcode ID: c4bd4d9fa88a83f6f0feeceef9bd0f9252738985db509aca19dccfd3e8f795ad
                                                                                            • Instruction ID: 01118713bac6534e2a895efac3ad3bf8316bbde65265c162a9d9a0d1155ab5fb
                                                                                            • Opcode Fuzzy Hash: c4bd4d9fa88a83f6f0feeceef9bd0f9252738985db509aca19dccfd3e8f795ad
                                                                                            • Instruction Fuzzy Hash: 931103B1D0065A9BCB10CF9AC545BDEFBF4AB48324F15852AE818B7280D778A944CFE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EEBDF8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlEncodePointer.NTDLL(00000000), ref: 00EEBE72
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EncodePointer
                                                                                            • String ID:
                                                                                            • API String ID: 2118026453-0
                                                                                            • Opcode ID: 11a83b619e4979868b3c0092399a1589260c890f96366b0f9573b19261dbda6c
                                                                                            • Instruction ID: 7531ad19a05a8c69958aaa243eed486402d4b1057902d3aac997c3b3d8703d84
                                                                                            • Opcode Fuzzy Hash: 11a83b619e4979868b3c0092399a1589260c890f96366b0f9573b19261dbda6c
                                                                                            • Instruction Fuzzy Hash: E21147B19003898FDB60DFAAD5887DBBBF4EB49318F64842ED505B7640C77869048FA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00CC84B4, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.465084262.0000000000CC0000.00000040.00000001.sdmp, Offset: 00CC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 00b682f70b17c06199b3d2e0586c3fa4491001222a66ca3fb7dc8e131829c44a
                                                                                            • Instruction ID: 47676beaa0d32dded66a27e921b5b456348938f2475c315ef86299738869a8c6
                                                                                            • Opcode Fuzzy Hash: 00b682f70b17c06199b3d2e0586c3fa4491001222a66ca3fb7dc8e131829c44a
                                                                                            • Instruction Fuzzy Hash: 6211FC70A11208DFDB14DFA4D598BAEBBB1FF44305F208529E001A7754DB759989CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE3300, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00EE4116
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: f08dd1b4b05cb13d6d126160dc1a9532487d5486910305cc2edf86e16228f98b
                                                                                            • Instruction ID: 89ba9f2bc4f37dce1f689c76aed33d9ae8bf60393d8a6728735bc93be977f100
                                                                                            • Opcode Fuzzy Hash: f08dd1b4b05cb13d6d126160dc1a9532487d5486910305cc2edf86e16228f98b
                                                                                            • Instruction Fuzzy Hash: F411F0B6D006498FDB20CF9AC448BDEFBF4EB89324F10842AD919B7240D374A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00EE40AA, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00EE4116
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466464270.0000000000EE0000.00000040.00000001.sdmp, Offset: 00EE0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 820227ba92caee003a0499907b81dc610372004dfbc0a6a292c130b2016909f7
                                                                                            • Instruction ID: 22c0881ee6f3ac8faf6bfe3a239f02cb80a6c4139f67f5ee04779bf4c092f78a
                                                                                            • Opcode Fuzzy Hash: 820227ba92caee003a0499907b81dc610372004dfbc0a6a292c130b2016909f7
                                                                                            • Instruction Fuzzy Hash: 841104B6D006498FDB10CFAAC4447DEFBF5AB88314F11842AD559B7640C374A546CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0115B7F8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • OleInitialize.OLE32(00000000), ref: 0115B855
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466754275.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Initialize
                                                                                            • String ID:
                                                                                            • API String ID: 2538663250-0
                                                                                            • Opcode ID: c2c133e4a13db95a64ca8e5121cc9ba35c84bd87fe73be08b532703c36b7ba79
                                                                                            • Instruction ID: ff8dfbcc4ca1658d3d3be359fb07fa63fb1001b748250739e8d6b73b908fefa6
                                                                                            • Opcode Fuzzy Hash: c2c133e4a13db95a64ca8e5121cc9ba35c84bd87fe73be08b532703c36b7ba79
                                                                                            • Instruction Fuzzy Hash: 8A1103B59046488FCB60CF9AD489BDEBBF4EB48224F148419D919B7240C378A944CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0115A908, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • OleInitialize.OLE32(00000000), ref: 0115B855
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.466754275.0000000001150000.00000040.00000001.sdmp, Offset: 01150000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Initialize
                                                                                            • String ID:
                                                                                            • API String ID: 2538663250-0
                                                                                            • Opcode ID: 3c9f9f9b6515729919e404f734e8afafa55bb50e5071752548680c5dd5f3f601
                                                                                            • Instruction ID: 2d20dfeab6aafcac22f1e6f5ee9b7154fd52596d9b62185510960be388bf24d1
                                                                                            • Opcode Fuzzy Hash: 3c9f9f9b6515729919e404f734e8afafa55bb50e5071752548680c5dd5f3f601
                                                                                            • Instruction Fuzzy Hash: 841103B5904648CFDB50CF9AC588BDEBBF4EB48224F248419E919B7210D374A944CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions